Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win7 Prof. Infiziert mit Win32/Packed.Asprotect.DS Trojaner! Entfernung? (https://www.trojaner-board.de/159048-win7-prof-infiziert-win32-packed-asprotect-ds-trojaner-entfernung.html)

lawman99 24.09.2014 13:13
Win7 Prof. Infiziert mit Win32/Packed.Asprotect.DS Trojaner! Entfernung?
 
Hallo,

ich wäre sehr dankbar für Hilfe. Habe gestern unachtsam einen Mail-ZIP-Anhang geöffnet. Habs gleich gemerkt und mich verflucht. Kurz danach kam die Meldung: Windows-Sicherheitscenter deaktiviert. Aktivieren ging nicht...
Ein Scan mit Avast bracht zutage, dass ein Trojaner (s. Betreff) vorhanden war. Die Dateien wurden durch Avast gelöscht. Die Symptome waren aber nach wie vor da (Sicherheitscenter und Firewall ließen sich nicht aktivieren)

Ich habe mir dann "Trojan Remover" heruntergeladen und laufenlassen.
Das Problem mit dem Sicherheistcenter konnte durch ein Microsoft "Fix-it" behoben werden.

Leider habe ich dann erst diese Seite gefunden. Ich habe versucht, die ersten Schritte wie beschrieben vorzunehmen, war aber blöderweise vorher schon aktiv.

Deshalb jetzt zunächst die Logs der empfohlenen Scans:
1. Defogger erfolgreich laufen lassen.

2. Systemscan mit FRST:
a) FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by User1 (administrator) on User1-HP on 24-09-2014 08:42:29
Running from C:\Users\User1\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswServ.exe
() C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\AvAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Gladinet, INC) C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswDisp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\AirVideoServer\AirVideoServer.exe
(1&1 Mail & Media GmbH) C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(Microsoft Corporation) C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ReNoStar GmbH) C:\Renostar\ziuboost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Dropbox, Inc.) C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(ReNoStar GmbH) C:\Renostar\ziuserv.exe
(Deutsche Telekom AG) C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\openvpntray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Gladinet, INC) C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetClient.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Gladinet) C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetPluginHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\aswDisp.exe [81000 2010-02-18] (ALWIL Software)
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe [315392 2009-05-19] (May Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [1912832 2012-10-04] (Dominik Reichl)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [1666432 2014-05-22] (Simply Super Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [Google Update] => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-05-31] (Google Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [AirVideoServer] => C:\Program Files\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [WEB.DE_WEB.DE SmartDrive Manager] => C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE [1259624 2011-11-21] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [Haufe.TimeManagement] => C:\Program Files\lexware\zeitmanagement\2011\Haufe.TimeManagement.exe [1440112 2012-04-20] (Haufe-Lexware GmbH & Co. KG)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [Free Download Manager] => C:\Program Files\Free Download Manager\fdm.exe [6860288 2013-01-17] (FreeDownloadManager.ORG)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [SkyDrive] => C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-01] (Microsoft Corporation)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [PrinterProDesktop] => C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe [2132992 2012-02-02] ()
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\MountPoints2: {2928cb63-c264-11e0-9291-d8d3857e19f6} - K:\LaunchU3.exe -a
HKU\S-1-5-21-1903734357-4184266498-2229017531-1005\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gladinet Cloud Desktop.lnk
ShortcutTarget: Gladinet Cloud Desktop.lnk -> C:\Windows\Installer\{9ADA9B3F-E787-403A-8CDA-67FD54DDBEC7}\_F2E0BB47ED476F1BDF8B87.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RenoBoost.lnk
ShortcutTarget: RenoBoost.lnk -> C:\Renostar\ziuboost.exe (ReNoStar GmbH)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GladinetIconOverlay -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll (Gladinet, INC)
ShellIconOverlayIdentifiers: GladinetUploading -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll (Gladinet, INC)
ShellIconOverlayIdentifiers: NTFSLink_Hardlink -> {0314E3A0-45DB-4D75-BB86-27B8EF28907B} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer)
ShellIconOverlayIdentifiers: NTFSLink_Junction -> {61702EF5-1B33-487F-995F-6FA23F1D6652} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2269050&CUI=UN13549586332807810
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {b106b661-3e1b-4015-af5c-195e909f35c6} -  No File
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=57484016-3AFA-47AE-8752-999379679556&apn_sauid=4F915ABF-D90E-48B7-AB35-63ECFAC8B5A3
SearchScopes: HKCU - {959BE5A4-EE6C-421B-BCF4-D90E4D8F869C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} URL = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 box.anchorfree.net
Tcpip\Parameters: [DhcpNameServer] 192.168.0.253
Tcpip\..\Interfaces\{9070C6BC-FDE8-47DC-990D-F527F074EC3D}: [NameServer] 192.168.0.250

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.spiegel.de/|hxxp://www.rollingstone.de/|hxxp://www.zeit.de/index|https://secure-squashtv.premiumtv.co.uk/page/secure/BuyNow/?schemeAndHost=http%3A%2F%2Fwww.psasquashtv.com|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1335336225&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fskydrive.live.com%2F%3Flc%3D1031&lc=1031&id=250206&mkt=de-DE&cbcxt=sky
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Разпознаване на устройство Logitech - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\DeviceDetection@logitech.com [2011-10-19]
FF Extension: Free Download Manager plugin - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-13]
FF Extension: Xmarks - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\foxmarks@kei.com [2014-09-22]
FF Extension: KeeFox - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\keefox@chris.tomlinson [2014-09-22]
FF Extension: facebookvideo - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{43c35458-c907-439b-bcfd-07d373834689} [2010-06-25]
FF Extension: FT SleekDark - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012-05-09]
FF Extension: Aviary - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408} [2011-12-17]
FF Extension: Embedded Objects - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\firefox@red-cog.com.xpi [2012-01-24]
FF Extension: Facebook Privacy Watcher - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fpw@informatik.tu-darmstadt.de.xpi [2012-11-09]
FF Extension: MozRepl - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\mozrepl@hyperstruct.net.xpi [2011-07-26]
FF Extension: MyPermissions Cleaner - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{6140bbfd-aa20-11e1-aba7-109add603214}.xpi [2014-01-10]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF Extension: StumbleUpon - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-10-26]
FF Extension: Menu Editor - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2011-03-14]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-03-20]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.spiegel.de/
CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://www.zeit.de/index", "https://startpage.com/deu/"
CHR DefaultSearchKeyword: Default -> 322926C86E96565B5B186D0D93824BA7109A5AB72F38EEFF449414F716A6F639
CHR DefaultSearchURL: Default -> 431FA44896D609C9D05DAD0EBC81671B01516EE64A9157C9D94B71F353B0BCD8
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (ClickPotatoLite Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-21]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-01]
CHR Extension: (Google-Suche) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-01]
CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Evernote Web Clipper) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2010-09-30]
CHR Extension: (Google Mail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-01]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THOMAS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR StartMenuInternet: Google Chrome - C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2010-02-18] (ALWIL Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [138680 2010-02-18] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [254040 2010-02-18] (ALWIL Software)
R2 avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [52160 2010-02-18] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [352920 2010-02-18] (ALWIL Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH)
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-07-16] () [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-09] (Macrovision Europe Ltd.) [File not signed]
R2 GladFileMonSvc; C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [26984 2010-08-27] (Gladinet, INC)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-05-20] (Hewlett-Packard) [File not signed]
R2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [570664 2013-04-26] (AnchorFree Inc.)
R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [463656 2013-04-26] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-04-24] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [390440 2013-04-26] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [549184 2007-10-26] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\Windows\System32\DRIVERS\aswFsBlk.sys [20560 2010-02-18] (ALWIL Software)
R2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [53328 2010-02-18] (ALWIL Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23120 2010-02-18] (ALWIL Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [114768 2010-02-18] (ALWIL Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [48624 2010-02-18] (ALWIL Software)
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1269760 2010-05-19] (Atheros Communications, Inc.) [File not signed]
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-04-20] (Atheros Communications, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [40648 2013-04-24] (AnchorFree Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 MOBIOLA_Wave; C:\Windows\System32\drivers\mobiolawave.sys [25024 2010-05-14] (SHAPE Services)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2010-09-28] (Sonic Solutions) [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-11-23] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-21] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2012-03-06] (Acronis)
R1 uiwbrdr; C:\Windows\System32\DRIVERS\uiwbrdr.sys [144896 2011-11-21] (1&1 Mail & Media GmbH) [File not signed]
R3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [16640 2008-11-19] (Wondershare) [File not signed]
U3 aswMBR; \??\C:\Users\THOMAS~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\THOMAS~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 08:42 - 2014-09-24 08:43 - 00038011 _____ () C:\Users\User1\Desktop\FRST.txt
2014-09-24 08:42 - 2014-09-24 08:42 - 00000000 ____D () C:\FRST
2014-09-24 08:41 - 2014-09-24 08:41 - 01098240 _____ (Farbar) C:\Users\User1\Desktop\FRST.exe
2014-09-24 08:40 - 2014-09-24 08:40 - 00000000 _____ () C:\Users\User1\defogger_reenable
2014-09-24 08:39 - 2014-09-24 08:39 - 00050477 _____ () C:\Users\User1\Desktop\Defogger.exe
2014-09-23 18:58 - 2014-09-23 18:58 - 00000000 ____D () C:\Program Files\ESET
2014-09-23 17:57 - 2014-09-23 18:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-23 17:56 - 2014-09-23 18:52 - 00000000 ____D () C:\Users\User1\Desktop\mbar
2014-09-23 17:45 - 2014-09-23 17:45 - 00000022 _____ () C:\Windows\S.dirmngr
2014-09-23 17:15 - 2014-09-23 17:15 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Ryxui
2014-09-23 17:14 - 2014-09-23 17:46 - 00000000 ___RD () C:\Users\User1\iCloudDrive
2014-09-23 17:12 - 2014-09-23 17:57 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 17:11 - 2014-09-23 17:56 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-23 17:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 17:00 - 2014-09-23 17:00 - 00000000 ____D () C:\Users\User1\AppData\Local\Apple Inc
2014-09-23 15:05 - 2014-09-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-22 18:54 - 2014-09-22 18:54 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884 (1).msi
2014-09-22 18:53 - 2014-09-22 18:53 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884.msi
2014-09-22 18:33 - 2014-09-22 18:36 - 117536504 _____ (Microsoft Corporation) C:\Users\User1\Downloads\msert.exe
2014-09-22 18:24 - 2014-09-22 18:24 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Simply Super Software
2014-09-22 18:00 - 2014-09-23 17:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-22 18:00 - 2014-09-22 18:00 - 00001101 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-09-22 17:58 - 2014-09-22 17:59 - 21657592 _____ (Simply Super Software ) C:\Users\User1\Downloads\trjsetup691.exe
2014-09-22 17:31 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Yzuxri
2014-09-17 13:17 - 2014-09-17 13:17 - 00000000 ____D () C:\Users\User1\Desktop\temp_files
2014-09-11 12:47 - 2014-09-15 11:05 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-11 03:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:14 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:14 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:14 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:14 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:14 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 02:20 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 02:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 02:19 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 02:19 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 02:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 02:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 09:49 - 2014-09-10 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\Program Files\iPod
2014-09-05 11:52 - 2014-09-05 11:52 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Opera
2014-09-03 15:59 - 2014-09-03 15:59 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-28 09:15 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:15 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 15:36 - 2014-08-25 16:14 - 116784152 _____ () C:\Users\User1\Downloads\www.NewAlbumReleases.net_Tom Petty and The Heartbreakers - Hypnotic Eye (2014) (2).rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 08:43 - 2014-09-24 08:42 - 00038011 _____ () C:\Users\User1\Desktop\FRST.txt
2014-09-24 08:42 - 2014-09-24 08:42 - 00000000 ____D () C:\FRST
2014-09-24 08:41 - 2014-09-24 08:41 - 01098240 _____ (Farbar) C:\Users\User1\Desktop\FRST.exe
2014-09-24 08:40 - 2014-09-24 08:40 - 00000000 _____ () C:\Users\User1\defogger_reenable
2014-09-24 08:40 - 2012-01-16 18:10 - 00000000 ____D () C:\Program Files\Free Download Manager
2014-09-24 08:40 - 2010-04-21 17:44 - 00000000 ____D () C:\Users\User1
2014-09-24 08:39 - 2014-09-24 08:39 - 00050477 _____ () C:\Users\User1\Desktop\Defogger.exe
2014-09-24 08:37 - 2010-07-12 16:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 08:27 - 2010-04-21 17:19 - 02038098 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 08:14 - 2012-06-26 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 07:49 - 2010-05-31 10:28 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job
2014-09-23 19:37 - 2010-07-12 16:46 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 18:58 - 2014-09-23 18:58 - 00000000 ____D () C:\Program Files\ESET
2014-09-23 18:52 - 2014-09-23 17:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-23 18:52 - 2014-09-23 17:56 - 00000000 ____D () C:\Users\User1\Desktop\mbar
2014-09-23 17:57 - 2014-09-23 17:12 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 17:56 - 2014-09-23 17:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 17:54 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 17:54 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 17:49 - 2010-08-30 09:05 - 00000000 ____D () C:\Users\User1\AppData\Local\Gladinet
2014-09-23 17:48 - 2011-02-16 19:01 - 00000000 ___HD () C:\jexepackres
2014-09-23 17:48 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Dropbox
2014-09-23 17:48 - 2010-09-22 17:04 - 00000041 _____ () C:\Windows\Filzip.ini
2014-09-23 17:48 - 2010-04-26 17:11 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Skype
2014-09-23 17:47 - 2012-04-30 14:50 - 00000000 ___RD () C:\Users\User1\Google Drive
2014-09-23 17:47 - 2012-04-25 08:38 - 00000000 ___RD () C:\Users\User1\SkyDrive
2014-09-23 17:46 - 2014-09-23 17:14 - 00000000 ___RD () C:\Users\User1\iCloudDrive
2014-09-23 17:45 - 2014-09-23 17:45 - 00000022 _____ () C:\Windows\S.dirmngr
2014-09-23 17:45 - 2014-08-14 09:09 - 00005990 _____ () C:\Windows\PFRO.log
2014-09-23 17:45 - 2014-03-06 11:50 - 00007256 _____ () C:\Windows\setupact.log
2014-09-23 17:45 - 2010-04-21 18:46 - 00000000 ____D () C:\Windows\PCHEALTH
2014-09-23 17:45 - 2010-04-21 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-23 17:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 17:26 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-23 17:15 - 2014-09-23 17:15 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Ryxui
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-23 17:11 - 2012-07-05 16:13 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Malwarebytes
2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 17:00 - 2014-09-23 17:00 - 00000000 ____D () C:\Users\User1\AppData\Local\Apple Inc
2014-09-23 17:00 - 2010-04-26 17:01 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Apple Computer
2014-09-23 15:05 - 2014-09-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-23 00:00 - 2010-04-21 17:25 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-22 19:04 - 2009-07-25 14:54 - 01629442 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 18:54 - 2014-09-22 18:54 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884 (1).msi
2014-09-22 18:53 - 2014-09-22 18:53 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884.msi
2014-09-22 18:36 - 2014-09-22 18:33 - 117536504 _____ (Microsoft Corporation) C:\Users\User1\Downloads\msert.exe
2014-09-22 18:24 - 2014-09-22 18:24 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Simply Super Software
2014-09-22 18:00 - 2014-09-22 18:00 - 00001101 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-09-22 17:59 - 2014-09-22 17:58 - 21657592 _____ (Simply Super Software ) C:\Users\User1\Downloads\trjsetup691.exe
2014-09-22 17:39 - 2013-12-02 09:54 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUser1.job
2014-09-22 17:31 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Yzuxri
2014-09-22 16:49 - 2010-05-31 10:28 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job
2014-09-22 15:21 - 2010-10-08 14:43 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-09-22 15:01 - 2010-10-04 15:51 - 00001038 _____ () C:\Users\User1\Desktop\Dropbox.lnk
2014-09-22 15:01 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 14:56 - 2011-06-29 15:35 - 00000000 ____D () C:\Users\User1\AppData\Local\PokerStars.EU
2014-09-19 14:56 - 2010-04-21 19:40 - 00000000 ____D () C:\Program Files\Holdem Indicator
2014-09-18 06:51 - 2010-05-31 10:29 - 00002393 _____ () C:\Users\User1\Desktop\Google Chrome.lnk
2014-09-17 14:42 - 2014-07-11 11:41 - 00000000 ____D () C:\Users\User1\AppData\Roaming\iFunbox_UserCache
2014-09-17 14:00 - 2012-04-20 18:40 - 00000000 ____D () C:\Users\User1\Downloads\iPod Photo Cache
2014-09-17 13:17 - 2014-09-17 13:17 - 00000000 ____D () C:\Users\User1\Desktop\temp_files
2014-09-16 09:01 - 2012-04-27 10:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-15 11:05 - 2014-09-11 12:47 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-15 09:06 - 2010-04-21 18:33 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 03:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 03:14 - 2013-08-20 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:04 - 2014-05-06 20:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 03:04 - 2011-08-23 11:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 03:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-10 14:14 - 2012-06-26 10:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 14:14 - 2012-06-26 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 09:49 - 2014-09-10 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:49 - 2014-07-22 11:30 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 09:48 - 2011-01-24 22:12 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:48 - 2010-04-26 16:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-09 15:57 - 2010-10-10 22:46 - 00007602 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg
2014-09-05 11:52 - 2014-09-05 11:52 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Opera
2014-09-05 11:52 - 2009-07-14 04:04 - 00000520 _____ () C:\Windows\win.ini
2014-09-05 03:52 - 2014-09-11 02:19 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-11 02:19 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 16:38 - 2011-06-29 15:35 - 00000000 ____D () C:\Program Files\PokerStars
2014-09-03 15:59 - 2014-09-03 15:59 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-03 15:59 - 2010-04-26 17:10 - 00000000 ____D () C:\ProgramData\Skype
2014-08-29 03:21 - 2009-07-14 06:33 - 00539384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 09:19 - 2010-12-02 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReNoStar
2014-08-26 09:16 - 2010-12-02 12:36 - 00000000 ____D () C:\Renostar
2014-08-25 16:14 - 2014-08-25 15:36 - 116784152 _____ () C:\Users\User1\Downloads\www.NewAlbumReleases.net_Tom Petty and The Heartbreakers - Hypnotic Eye (2014) (2).rar
2014-08-25 09:14 - 2012-04-26 14:53 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2014-08-25 09:12 - 2010-09-21 15:09 - 00000000 ____D () C:\Program Files\Hotspot Shield

Some content of TEMP:
====================
C:\Users\User1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocffht.dll
C:\Users\User1\AppData\Local\Temp\KB09305459.exe
C:\Users\User1\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\User1\AppData\Local\Temp\applnch.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 19:39

==================== End Of Log ============================
b)Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014
Ran by User1 at 2014-09-24 08:43:36
Running from C:\Users\User1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1.5 (HKLM\...\{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1) (Version:  - Dirk Paehl)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
802.11g Wireless PCI Adapter (HKLM\...\InstallShield_{73B944DE-5AAF-4AD8-8688-60872CB227C6}) (Version: 1.0.0.1 - SMC)
802.11g Wireless PCI Adapter (Version: 1.0.0.1 - SMC) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0 - Adobe Systems) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden
Adobe Photoshop Elements 4.0 (HKLM\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 4.0 (Version: 4.0 - Adobe Systems, Inc.) Hidden
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Aimersoft DVD Creator(Build 2.5.2.15) (HKLM\...\Aimersoft DVD Creator_is1) (Version:  - Wondershare Software)
Air Video Server 2.4.3 (HKLM\...\Air Video Server) (Version: 2.4.3 - InMethod, s.r.o.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
avast! Antivirus (managed) (HKLM\...\avast!NET) (Version: 4.8 - Alwil Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities Digital Photo Professional 3.9 (HKLM\...\DPP) (Version: 3.9.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
ChannelEditor (HKLM\...\{2CB14BDA-5241-4F45-98C5-23520E366B89}) (Version: 1.0.0 - inverto.tv)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
DMG Extractor (HKCU\...\DMG Extractor) (Version: 1.2.1.0 - Reincubate Ltd)
Drago 4.20 (HKLM\...\Drago_is1) (Version:  - Gilles Arcas-Luque)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: 6.15.0.27 - DVDVideoSoftTB)
DVR-Studio Pro 2 (HKLM\...\{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}) (Version:  - Haenlein Software)
eDocPrintPro v3.15.2 (HKLM\...\{45B8441A-0346-4D6C-88A8-01821DA28D04}) (Version: 3.15.2 - MAY-Computer)
Emicsoft MKV Converter (HKLM\...\Emicsoft MKV Converter_is1) (Version:  - )
Evernote v. 4.5.10 (HKLM\...\{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}) (Version: 4.5.10.7472 - Evernote Corp.)
Express Scribe (HKLM\...\Scribe) (Version:  - NCH Software)
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
Free Audio Converter version 5.0.26.622 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.26.622 - DVDVideoSoft Ltd.)
Free Download Manager 3.9.2 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.3.WIN.FullTilt.COM - )
Gladinet Cloud Desktop (HKLM\...\{9ADA9B3F-E787-403A-8CDA-67FD54DDBEC7}) (Version: 2.3.432 - Gladinet)
Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.66 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Gpg4win (2.2.0-beta34) (HKLM\...\GPG4Win) (Version: 2.2.0-beta34 - The Gpg4win Project)
gs_x86 (HKLM\...\{6AB6CBD4-ED44-4EAA-8496-228395B1C1D0}) (Version: 8.64 - MAY-Computer)
HandBrake 0.9.5 (HKLM\...\HandBrake) (Version: 0.9.5 - )
HDD-Booster v1.2 (HKLM\...\HDD-Booster_is1) (Version:  - ASCOMP Software GmbH)
Holdem Indicator 1.8.4 (HKLM\...\Holdem Indicator_is1) (Version:  - hxxp://www.HoldemIndicator.com)
Hotspot Shield 2.93 (HKLM\...\HotspotShield) (Version: 2.93 - AnchorFree)
HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Softpaq SP500287 (HKLM\...\SP50028) (Version:  - )
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
iBackupBot for iTunes 3.1.6 (HKLM\...\iBackupBot for iTunes) (Version: 3.1.6 - VOWSoft, Ltd.)
iCloud (HKLM\...\{8D9592B4-7E22-4D1F-B2CB-B5F0F2F619CB}) (Version: 4.0.3.56 - Apple Inc.)
iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.8.2414.748 - )
iPhoneBrowser (HKLM\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTuner (HKLM\...\{E233EF8A-D04F-49B9-996B-218F3C3EA543}) (Version: 1.2.3782 - River Software)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
KeePass Password Safe 1.20 (HKLM\...\KeePass Password Safe_is1) (Version: 1.20 - Dominik Reichl)
KeePass Password Safe 2.20.1 (HKLM\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Lexware zeitmanagement 2011 (HKLM\...\{AE6E353F-A5D6-40E4-81FB-960EB7B207D7}) (Version: 2.05.00.0169 - Haufe-Lexware GmbH & Co.KG)
LibreOffice 4.1.3.2 (HKLM\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Lineal (HKLM\...\Lineal v1.6b_is1) (Version: 0.1.6b - )
lingDIALOG (HKLM\...\{627C5AC0-772C-4661-B696-42E04AEB1872}) (Version: 2.00.0010 - LingCom GmbH)
Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0 - Logitech) Hidden
MakeMKV v1.8.11 (HKLM\...\MakeMKV) (Version: v1.8.11 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2003 (HKLM\...\{90E00407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word 2000 SR-1 (HKLM\...\{00170407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Moorhuhn Remake (HKLM\...\{52210D57-0B1F-4681-90DD-8659DF4BCC40}) (Version: 1.00.0000 - )
Movies2iPhone 1.24 for Windows (HKLM\...\Movies2iPhone) (Version: 1.24 for Windows - OKprods Ltd)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Firefox 4.0b8 (x86 de) (HKLM\...\Mozilla Firefox 4.0b8 (x86 de)) (Version: 4.0b8 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.1.1 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nipperdey plus (HKLM\...\{C5FEF96A-0C31-4D2E-9112-C782065DEE40}) (Version: 1.0.15 - C. H. Beck)
Norton Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
NTFS Link 2.1 (HKLM\...\ntfslink_is1) (Version:  - )
NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9793 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.109 - PDF Complete, Inc)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PDFtoEPUB (HKLM\...\PDFtoEPUB) (Version: 1.5.0 - DNAML Pty Ltd.)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Printer Pro Desktop (HKLM\...\PrinterProDesktop) (Version:  - Readdle)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QSynchronization for Outlook 2.5.5 (HKLM\...\QSynchronization for Outlook_is1) (Version:  - Thomas Quester)
Qtrax Player (HKCU\...\756452889.portal.qtrax.com) (Version:  - portal.qtrax.com)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
ReNoStar Systemdateien II v.3 (HKLM\...\{3C36D2A0-5A6F-4437-A080-699557C6C8A1}) (Version: 8.70.0.7050 - ReNoStar GmbH)
ReNoStar Systemkomponenten (HKLM\...\InstallShield_{55A1EE3A-2143-4731-8243-3F807869FA66}) (Version: 8.40.0.4000 - ReNoStar GmbH)
ReNoStar Systemkomponenten (Version: 8.40.0.4000 - ReNoStar GmbH) Hidden
ReNoTicker Version 1.0 (HKLM\...\{33FF4DB1-87B2-4934-8563-CA489A1EF80D}_is1) (Version: 1.0 - ReNoStar GmbH)
RNSInstSevOutBar (HKLM\...\{ED689BFF-452F-471A-96DF-69210FEB359D}) (Version: 1.00.0000 - ReNoStar GmbH)
SDExplorer 3.0 (HKLM\...\SDEPRO20_is1) (Version: 3.0 - CloudStorageExplorer.com)
SetEditArgus (remove only) (HKLM\...\SetEditArgus) (Version:  - )
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SopCast 3.3.2 (HKLM\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.10194 - TeamViewer GmbH)
TP-LINK-Clientinstallationsprogramm (HKLM\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Trojan Remover 6.9.1 (HKLM\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
TunnelBear 1.0.28 (HKLM\...\TunnelBear) (Version: 1.0.28 - TunnelBear)
Tyre (HKLM\...\Tyre_is1) (Version: 6.3.0.2 - 't Schrijverke)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vokabeltrainer-Update 4.0.46 (HKLM\...\{7F2A96C8-B7F8-4C0E-B575-BC2378342962}) (Version: 4.0.46 - Langenscheidt)
VSDC Free Video Editor Version 2.1.9.201 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.9.201 - Flash-Integro LLC)
WEB.DE SmartDrive Manager (HKLM\...\WEB.DE SmartDrive Manager) (Version: 2.0.677 - 1&1 Mail & Media GmbH)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.2.9 (HKLM\...\winscp3_is1) (Version: 4.2.9 - Martin Prikryl)
Wise Registry Cleaner 6.14 (HKLM\...\Wise Registry Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
Wondershare Streaming Audio Recorder(Build 1.0.10.1) (HKLM\...\Wondershare Streaming Audio Recorder_is1) (Version:  - Wondershare Software)
Xilisoft iPad to PC Copy (HKLM\...\Xilisoft iPad to PC Copy) (Version: 4.2.1.0526 - Xilisoft)
Xvid 1.2.1 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\User1\AppData\Local\Google\Chrome\Application\22.0.1229.39\delegate_execute.exe" No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E5F07F0E-C4AE-4AA8-AE7E-FC3DB683977E}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.71\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2012-04-30 15:03 - 00000894 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 box.anchorfree.net

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0599AEA8-8B0E-4CCA-894C-3388A51516DF} - System32\Tasks\{D5B38D15-96B0-44AE-B5E3-D7781FB183C6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {1F6C46E3-0AF5-4425-8C9B-169308085EED} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-05-19] (Hewlett-Packard)
Task: {2B5754DC-6D11-4A99-903A-590F903FCCEC} - System32\Tasks\{E05D2DC7-405E-47BE-BEFB-BF1D8BD6D684} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {41B17569-4162-4349-85BD-50950BE97451} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31] (Google Inc.)
Task: {4EEAF8B9-1753-4912-A7CE-1152DADC5B12} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31] (Google Inc.)
Task: {68D3D043-9928-42B6-ADC0-800076647375} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {A37ECFB2-7B4B-493B-B54C-D570865B15AC} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-05-19] (Hewlett-Packard)
Task: {AB7E5490-1C3D-41C0-9549-A352FCC95759} - System32\Tasks\HPCeeScheduleForUser1 => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {B50336E2-7335-49CA-BB6A-0697EE5F2431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-08-19] (Microsoft)
Task: {DD13DB6F-2EFF-431E-AEBE-60F12CD0D628} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E0759A1C-B0DE-49F8-A492-5C703BEDAA4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft)
Task: {EC16019C-3E05-449D-BA7E-6D1CA31D24C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12] (Google Inc.)
Task: {EE704841-CE8F-4D6A-9C17-E0362C4E3A34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUser1.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============
2. GMER.txt

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-24 09:50:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.HP34 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\THOMAS~1\AppData\Local\Temp\kwldypow.sys


---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                                          83250A15 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                            8328A212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text          C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!SetScrollRange                                                      75CF8EC5 5 Bytes  JMP 10020569 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text          C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!GetSysColorBrush                                                    75CFF1ED 5 Bytes  JMP 100205DE C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text          C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!GetScrollInfo                                                      75D02DA3 7 Bytes  JMP 100204E2 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text          C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!SetScrollInfo                                                      75D048DA 7 Bytes  JMP 10020533 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text          C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!GetSysColor                                                        75D0DB7A 5 Bytes  JMP 1002059F C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text          C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!GetScrollRange                                                      75D2045A 5 Bytes  JMP 10020518 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text          C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!SetScrollPos                                                        75D204BE 5 Bytes  JMP 1002054E C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text          C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!GetScrollPos                                                        75D20E43 5 Bytes  JMP 100204FD C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text          C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!EnableScrollBar                                                    75D219CE 7 Bytes  JMP 100204C7 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text          C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!ShowScrollBar                                                      75D23C89 5 Bytes  JMP 10020584 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text          C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] kernel32.dll!FindResourceW                                                          76EA55DF 5 Bytes  JMP 00440980 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text          C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] kernel32.dll!FindResourceA                                                          76EAA585 5 Bytes  JMP 00440930 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text          C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!LoadStringA                                                              75CF66A7 5 Bytes  JMP 00441110 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text          C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!LoadStringW                                                              75CFDFBA 5 Bytes  JMP 00440FD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text          C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!LoadMenuW                                                                75CFF214 5 Bytes  JMP 00440B40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text          C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!LoadMenuA                                                                75D0F92C 5 Bytes  JMP 00440AD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text          C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!CreateDialogParamA                                                        75D11F42 5 Bytes  JMP 004409D0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text          C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!CreateDialogParamW                                                        75D25630 5 Bytes  JMP 00440A50 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                          aswTdi.SYS
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                          aswTdi.SYS
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                          fltmgr.sys

---- Registry - GMER 2.1 ----

Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}                                 
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}@pakejmagabfdeieggdbnmnhhpdkkkkgn  0x61 0x62 0x70 0x69 ...
Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}                                 

---- EOF - GMER 2.1 ----
3. Schließlich noch der Scan Log, den ESET Online Scanner produziert hat:

Code:
C:\$RECYCLE.BIN\S-1-5-21-1903734357-4184266498-2229017531-1000\$R4YML6G.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\$RECYCLE.BIN\S-1-5-21-1903734357-4184266498-2229017531-1000\$RCSOFHL.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\$RECYCLE.BIN\S-1-5-21-1903734357-4184266498-2229017531-1000\$RPPGSTB.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\$RECYCLE.BIN\S-1-5-21-1903734357-4184266498-2229017531-1000\$R0ELI5G\gyup.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\$RECYCLE.BIN\S-1-5-21-1903734357-4184266498-2229017531-1000\$RBE2FXR\gyup.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Documents and Settings\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe        Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Anwendungsdaten\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Documents and Settings\User1\Anwendungsdaten\Ryxui\gyup.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\AppData\Local\Anwendungsdaten\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\Local\Anwendungsdaten\Temp\KB09305459.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\AppData\Local\Anwendungsdaten\Temp\OCS\ocs_v71b.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\Local\Temp\KB09305459.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\AppData\Local\Temp\OCS\ocs_v71b.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD0.dll        Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD2.dll        Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD0.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD2.dll        Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD2.dll        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll        Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD2.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll        Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll        Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Documents and Settings\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe        Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\Roaming\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Documents and Settings\User1\AppData\Roaming\Ryxui\gyup.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe        Variante von Win32/HotSpotShield evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Downloads\java_setup.exe        Win32/AdWare.iBryte.AW Anwendung
C:\Documents and Settings\User1\Downloads\setup (1).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Downloads\setup (2).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Downloads\setup.exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Downloads\SoftonicDownloader_fuer_iringer.exe        Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Lokale Einstellungen\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Lokale Einstellungen\Temp\KB09305459.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\Lokale Einstellungen\Temp\OCS\ocs_v71b.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Dokumente und Einstellungen\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe        Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\Anwendungsdaten\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Dokumente und Einstellungen\User1\Anwendungsdaten\Ryxui\gyup.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Dokumente und Einstellungen\User1\AppData\Local\Anwendungsdaten\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Local\Anwendungsdaten\Temp\KB09305459.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Dokumente und Einstellungen\User1\AppData\Local\Anwendungsdaten\Temp\OCS\ocs_v71b.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Local\Temp\KB09305459.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Dokumente und Einstellungen\User1\AppData\Local\Temp\OCS\ocs_v71b.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD0.dll        Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD2.dll        Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD0.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD2.dll        Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD2.dll        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll        Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD2.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll        Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll        Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe        Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Roaming\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Roaming\Ryxui\gyup.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Dokumente und Einstellungen\User1\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe        Variante von Win32/HotSpotShield evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\Downloads\java_setup.exe        Win32/AdWare.iBryte.AW Anwendung
C:\Dokumente und Einstellungen\User1\Downloads\setup (1).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\Downloads\setup (2).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\Downloads\setup.exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\Downloads\SoftonicDownloader_fuer_iringer.exe        Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\Lokale Einstellungen\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\Lokale Einstellungen\Temp\KB09305459.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Dokumente und Einstellungen\User1\Lokale Einstellungen\Temp\OCS\ocs_v71b.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe        Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper1.exe        Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\hk64tbDVD0.dll        Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\hk64tbDVD2.dll        Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\hktbDVD0.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\hktbDVD2.dll        Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\ldrtbDVD0.dll        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\ldrtbDVD2.dll        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll        Win32/Toolbar.Conduit.N evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll        Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\tbDVD0.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\tbDVD2.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Program Files\DVDVideoSoftTB\tbDVDV.dll        Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe        Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper1.exe        Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\hk64tbDVD0.dll        Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\hk64tbDVD2.dll        Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\hktbDVD0.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\hktbDVD2.dll        Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\ldrtbDVD0.dll        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\ldrtbDVD2.dll        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll        Win32/Toolbar.Conduit.N evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll        Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\tbDVD0.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\tbDVD2.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Programme\DVDVideoSoftTB\tbDVDV.dll        Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi evtl. unerwünschte Anwendung
C:\Users\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe        Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Users\User1\Anwendungsdaten\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\User1\Anwendungsdaten\Ryxui\gyup.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Users\User1\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Users\User1\AppData\Local\Temp\KB09305459.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Users\User1\AppData\Local\Temp\OCS\ocs_v71b.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD0.dll        Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD2.dll        Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD0.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD2.dll        Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD2.dll        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll        Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD2.dll        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll        Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll        Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\Users\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe        Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Users\User1\AppData\Roaming\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe        Win32/OpenCandy potenziell unsichere Anwendung
C:\Users\User1\AppData\Roaming\Ryxui\gyup.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Users\User1\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe        Variante von Win32/HotSpotShield evtl. unerwünschte Anwendung
C:\Users\User1\Downloads\java_setup.exe        Win32/AdWare.iBryte.AW Anwendung
C:\Users\User1\Downloads\setup (1).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Users\User1\Downloads\setup (2).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Users\User1\Downloads\setup.exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Users\User1\Downloads\SoftonicDownloader_fuer_iringer.exe        Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung
C:\Users\User1\Lokale Einstellungen\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Users\User1\Lokale Einstellungen\Temp\KB09305459.exe        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Users\User1\Lokale Einstellungen\Temp\OCS\ocs_v71b.exe        Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Windows\System32\Adobe\Shockwave 12\gt.exe        Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung
D:\wichtige_0676.zip        Variante von Win32/Kryptik.CLUJ Trojaner
D:\Documents\Downloads\FreeYouTubeToMp3Converter31452.exe        Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung
D:\Downloads\cnet2_powertab_zip.exe        Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung
D:\Downloads\dmge-latest.exe        Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeAudioConverter.exe        Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeStudio.exe        Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
D:\Downloads\FreeVideoToDVDConverter.exe        Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeToMP3Converter(1).exe        Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeToMP3Converter(2).exe        Win32/OpenCandy potenziell unsichere Anwendung
D:\Downloads\FreeYouTubeToMP3Converter.exe        Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung
D:\Downloads\iLividSetup-r563-n-bf.exe        Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung
D:\Downloads\Integrated_CT2325506.exe        Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
D:\Downloads\Mv2%20Player.exe        MSIL/Solimba evtl. unerwünschte Anwendung
D:\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi evtl. unerwünschte Anwendung
D:\Downloads\Shockwave_Installer_Slim(1).exe        Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung
D:\Downloads\SopCast332(1).zip        Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
D:\Downloads\SopCast332.zip        Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
D:\Downloads\ZipOpenerSetup.exe        Win32/InstallCore.BN evtl. unerwünschte Anwendung
D:\Downloads bis 3_5_2011\HoldemIndicatorSetup.exe        Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung
D:\Downloads bis 3_5_2011\SoftonicDownloader96007.exe        Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung
H:\HomeSafe\Eigene Dateien Festplatte E\Downloads\Privat\keylogger.zip        Mehrere Bedrohungen
H:\HomeSafe\Eigene Dateien Festplatte E\Downloads\Geschäft\Downloads\HoldemIndicatorSetup.exe        Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung
H:\HomeSafe\Eigene Dateien Festplatte E\Downloads\Geschäft\Downloads\Setup_Moorhuhn_Winter_GER-dm.exe        Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung
H:\HomeSafe\Eigene Dateien Festplatte E\Sicherung\Sicherung Netz 2001\UTIL\NSM\CALCPSW.EXE        möglicherweise unbekannter Virus POLY.CRYPT.TSR.COM.EXE Virus
H:\HomeSafe\Eigene Dateien Festplatte E\Sicherung\OLDCOMP\DOKUME~1\WRAPST~1.EXE        Win32/Adware.Webhancer.A Anwendung
Avast hat sich leider geweigert, eine Protokoll zu speichern

Bekomme ich diesen Dreck wieder los, ohne die Festplatte plattmachen zu müssen?
Für Hilfe wäre ich sehr dankbar!!

Herzliche Grüße

Thomas

schrauber 24.09.2014 13:16
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

lawman99 24.09.2014 14:18
Hallo,
vielen Dank für die schnelle Antwort. Hier das Protokoll von Combofix:

Code:
Combofix Logfile:

       
Code:

       
ComboFix 14-09-22.01 - User1 24.09.2014  14:45:18.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3071.2060 [GMT 2:00]
ausgeführt von:: c:\users\User1\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\YOURIP~1\YOURip~1.exe
c:\users\User1\AppData\Local\Temp\_MEI28882\_ctypes.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\_elementtree.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\_hashlib.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\_multiprocessing.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\_socket.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\_ssl.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\hashobjs_ext.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\pyexpat.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\pysqlite2._sqlite.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\python27.dll
c:\users\User1\AppData\Local\Temp\_MEI28882\pythoncom27.dll
c:\users\User1\AppData\Local\Temp\_MEI28882\PyWinTypes27.dll
c:\users\User1\AppData\Local\Temp\_MEI28882\select.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\unicodedata.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32api.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32com.shell.shell.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32crypt.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32event.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32file.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32gui.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32inet.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32pdh.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32pipe.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32process.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32profile.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32security.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\win32ts.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\windows._lib_cacheinvalidation.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\wx._animate.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\wx._controls_.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\wx._core_.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\wx._gdi_.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\wx._html2.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\wx._misc_.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\wx._windows_.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\wx._wizard.pyd
c:\users\User1\AppData\Local\Temp\_MEI28882\wxbase294u_net_vc90.dll
c:\users\User1\AppData\Local\Temp\_MEI28882\wxbase294u_vc90.dll
c:\users\User1\AppData\Local\Temp\_MEI28882\wxmsw294u_adv_vc90.dll
c:\users\User1\AppData\Local\Temp\_MEI28882\wxmsw294u_core_vc90.dll
c:\users\User1\AppData\Local\Temp\_MEI28882\wxmsw294u_html_vc90.dll
c:\users\User1\AppData\Local\Temp\_MEI28882\wxmsw294u_webview_vc90.dll
c:\users\User1\AppData\Roaming\Ryxui
c:\users\User1\AppData\Roaming\Ryxui\gyup.exe
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\_ctypes.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\_elementtree.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\_hashlib.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\_multiprocessing.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\_socket.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\_ssl.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\hashobjs_ext.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\pyexpat.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\pysqlite2._sqlite.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\python27.dll
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\pythoncom27.dll
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\PyWinTypes27.dll
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\select.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\unicodedata.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32api.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32com.shell.shell.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32crypt.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32event.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32file.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32gui.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32inet.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32pdh.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32pipe.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32process.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32profile.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32security.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\win32ts.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\windows._lib_cacheinvalidation.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wx._animate.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wx._controls_.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wx._core_.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wx._gdi_.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wx._html2.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wx._misc_.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wx._windows_.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wx._wizard.pyd
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wxbase294u_net_vc90.dll
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wxbase294u_vc90.dll
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wxmsw294u_adv_vc90.dll
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wxmsw294u_core_vc90.dll
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wxmsw294u_html_vc90.dll
c:\users\THOMAS~1\AppData\Local\Temp\_MEI28882\wxmsw294u_webview_vc90.dll
c:\windows\system32\aswA0A2.tmp
H:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-24 bis 2014-09-24  ))))))))))))))))))))))))))))))
.
.
2014-09-24 13:02 . 2014-09-24 13:02        --------        d-----w-        c:\users\User1\AppData\Local\temp
2014-09-24 13:02 . 2014-09-24 13:02        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-09-24 06:42 . 2014-09-24 06:44        --------        d-----w-        C:\FRST
2014-09-24 00:48 . 2014-09-24 12:49        62576        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Windows Defender\Definition Updates\{E74B2A66-4B29-48AB-8074-158C18BA2614}\offreg.dll
2014-09-23 15:57 . 2014-09-23 16:52        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2014-09-23 15:14 . 2014-09-24 13:05        --------        d-----r-        c:\users\User1\iCloudDrive
2014-09-23 15:12 . 2014-09-23 15:57        113880        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-23 15:11 . 2014-09-23 15:56        75480        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-09-23 15:11 . 2014-05-12 05:26        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-09-23 15:11 . 2014-09-23 15:11        --------        d-----w-        c:\program files\Malwarebytes Anti-Malware
2014-09-23 15:00 . 2014-09-23 15:00        --------        d-----w-        c:\users\User1\AppData\Local\Apple Inc
2014-09-23 10:08 . 2014-09-09 01:24        8806800        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Windows Defender\Definition Updates\{E74B2A66-4B29-48AB-8074-158C18BA2614}\mpengine.dll
2014-09-22 16:24 . 2014-09-22 16:24        --------        d-----w-        c:\users\User1\AppData\Roaming\Simply Super Software
2014-09-22 16:00 . 2014-09-22 16:00        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Licenses
2014-09-22 16:00 . 2014-09-22 16:00        --------        d-----w-        c:\program files\Trojan Remover
2014-09-22 16:00 . 2014-09-22 16:00        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Simply Super Software
2014-09-22 15:31 . 2014-09-22 15:31        --------        d-----w-        c:\users\User1\AppData\Roaming\Yzuxri
2014-09-11 10:47 . 2014-09-15 09:05        --------        d-----w-        c:\program files\Mozilla Thunderbird
2014-09-11 00:20 . 2014-07-07 01:40        1059840        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-11 00:20 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-11 00:19 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-09-11 00:19 . 2014-09-05 01:52        445952        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-11 00:19 . 2014-09-05 01:47        302592        ----a-w-        c:\windows\system32\aeinv.dll
2014-09-10 07:48 . 2014-09-10 07:48        --------        d-----w-        c:\program files\iPod
2014-09-10 07:48 . 2014-09-10 07:48        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-03 13:59 . 2014-09-03 13:59        --------        d-----w-        c:\program files\Common Files\Skype
2014-08-28 07:15 . 2014-08-23 01:46        305152        ----a-w-        c:\windows\system32\gdi32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-15 07:06 . 2010-04-21 16:33        231568        ------w-        c:\windows\system32\MpSigStub.exe
2014-09-10 12:14 . 2012-06-26 08:17        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 12:14 . 2012-06-26 08:17        701104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-08-23 00:42 . 2014-08-28 07:15        2352640        ----a-w-        c:\windows\system32\win32k.sys
2014-08-18 21:57 . 2014-09-11 01:14        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-08-18 21:46 . 2014-09-11 01:14        454656        ----a-w-        c:\windows\system32\vbscript.dll
2014-08-18 21:44 . 2014-09-11 01:14        61952        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-08-18 21:30 . 2014-09-11 01:14        646144        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:07 . 2014-09-11 01:14        1068032        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46 . 2014-09-11 01:14        1812992        ----a-w-        c:\windows\system32\wininet.dll
2014-08-01 11:35 . 2014-09-11 00:19        793600        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-07-28 12:52 . 2014-07-28 12:52        6112072        ----a-w-        c:\windows\system32\usbaaplrc.dll
2014-07-28 12:52 . 2014-07-28 12:52        45056        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 02:46 . 2014-08-14 07:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-07-14 01:42 . 2014-08-14 07:50        654336        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-07-09 01:29 . 2014-08-14 07:35        6144        ----a-w-        c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29 . 2014-08-14 07:35        6144        ----a-w-        c:\windows\system32\KBDBASH.DLL
2014-07-08 09:56 . 2014-07-09 07:39        81760        ----a-w-        c:\windows\system32\mslvddsfilter2.ax
2014-06-30 22:14 . 2014-08-14 17:21        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-06-27 01:45 . 2014-09-11 01:14        2285056        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2010-09-16 16:26 . 2010-09-16 16:28        564211        ----a-w-        c:\program files\SetupiPhoneBrowser.1.93.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2013-07-17 226592]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2013-07-17 08:13        226592        ----a-w-        c:\program files\DVDVideoSoftTB\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2013-07-17 226592]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD2.dll" [2013-07-17 226592]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-01 07:23        233128        ----a-w-        c:\users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-01 07:23        233128        ----a-w-        c:\users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-01 07:23        233128        ----a-w-        c:\users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Mediencenter_InSync]
@="{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}]
2013-10-01 12:56        540672        ----a-w-        c:\users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Mediencenter_ToSync]
@="{528EE335-5034-4EFC-834E-63E5F02D2BC2}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}]
2013-10-01 12:56        540672        ----a-w-        c:\users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Mediencenter_Failed]
@="{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}"
"ReferenceCount"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}]
2013-10-01 12:56        540672        ----a-w-        c:\users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 08:34        579400        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2010-08-27 09:40        193896        ----a-w-        c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2010-08-27 09:44        193896        ----a-w-        c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NTFSLink_Hardlink]
@="{0314E3A0-45DB-4D75-BB86-27B8EF28907B}"
[HKEY_CLASSES_ROOT\CLSID\{0314E3A0-45DB-4D75-BB86-27B8EF28907B}]
2004-09-03 09:22        225280        ----a-w-        c:\progra~1\NTFSLI~1\ntfslink.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NTFSLink_Junction]
@="{61702EF5-1B33-487F-995F-6FA23F1D6652}"
[HKEY_CLASSES_ROOT\CLSID\{61702EF5-1B33-487F-995F-6FA23F1D6652}]
2004-09-03 09:22        225280        ----a-w-        c:\progra~1\NTFSLI~1\ntfslink.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
"WEB.DE_WEB.DE SmartDrive Manager"="c:\program files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" [2011-11-21 1259624]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-07 43816]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
"Haufe.TimeManagement"="c:\program files\lexware\zeitmanagement\2011\Haufe.TimeManagement.exe" [2012-04-20 1440112]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2013-01-16 6860288]
"SkyDrive"="c:\users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-08-01 251040]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"PrinterProDesktop"="c:\program files\Printer Pro Desktop\PrinterProDesktop.exe" [2012-02-02 2132992]
"iCloudDrive"="c:\program files\Common Files\Apple\Internet Services\iCloudDrive.exe" [2014-08-15 43816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"avast!"="c:\program files\Alwil Software\Avast4\aswDisp.exe" [2010-02-18 81000]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-08 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"ApplyEsf-eDocPrintPro"="c:\program files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" [2009-05-19 315392]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-10-04 1912832]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2014-05-22 1666432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-08-19 21720]
.
c:\users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184]
Mediencenter.lnk - c:\users\User1\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe [2014-6-12 580416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2013-1-9 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
Gladinet Cloud Desktop.lnk - c:\windows\Installer\{9ADA9B3F-E787-403A-8CDA-67FD54DDBEC7}\_F2E0BB47ED476F1BDF8B87.exe [2010-8-30 188478]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
RenoBoost.lnk - c:\renostar\ziuboost.exe [2013-9-19 1327104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-12-06 2430128]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 MOBIOLA_Wave;Mobiola Wave Audio Device (WDM);c:\windows\system32\drivers\mobiolawave.sys [2010-05-14 25024]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-08-06 18944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-15 1343400]
S1 aswSP;avast! Self Protection; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-04-24 40648]
S1 uiwbrdr;uiwbrdr;c:\windows\system32\DRIVERS\uiwbrdr.sys [2011-11-21 144896]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2010-02-18 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2010-02-18 53328]
S2 avast! NetAgent;avast! NetAgent;c:\program files\Alwil Software\Avast4\AvAgent.exe [2010-02-18 52160]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2013-07-16 218112]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [2010-08-27 26984]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2013-04-26 570664]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2013-04-26 390440]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-04-20 1500160]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-04-24 37064]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 12:14]
.
2014-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 14:46]
.
2014-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-12 14:46]
.
2014-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job
- c:\users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31 08:28]
.
2014-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job
- c:\users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31 08:28]
.
2014-09-22 c:\windows\Tasks\HPCeeScheduleForUser1.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 02:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2269050&CUI=UN13549586332807810
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\users\User1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.0.253
TCP: Interfaces\{9070C6BC-FDE8-47DC-990D-F527F074EC3D}: NameServer = 192.168.0.250
FF - ProfilePath - c:\users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/|hxxp://www.rollingstone.de/|hxxp://www.zeit.de/index|https://secure-squashtv.premiumtv.co.uk/page/secure/BuyNow/?schemeAndHost=http%3A%2F%2Fwww.psasquashtv.com|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1335336225&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fskydrive.live.com%2F%3Flc%3D1031&lc=1031&id=250206&mkt=de-DE&cbcxt=sky
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
MSConfigStartUp-HPADVISOR - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
MSConfigStartUp-rasMobileARM - c:\users\User1\AppData\Local\sysUserVdm\rasMobileARM.dll
AddRemove-756452889.portal.qtrax.com - c:\program files\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1903734357-4184266498-2229017531-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}*]
"pakejmagabfdeieggdbnmnhhpdkkkkgn"=hex:61,62,70,69,67,69,66,61,6a,6b,67,6f,64,
   6a,69,62,62,64,6e,6b,66,6f,6e,66,6d,6c,64,66,6b,64,61,66,67,61,00,77
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\System32\uiwbnp.dll
.
- - - - - - - > 'Explorer.exe'(5008)
c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
c:\program files\Gladinet\Gladinet Cloud Desktop\GlCopyHandler.dll
c:\progra~1\NTFSLI~1\ntfslink.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\System32\SyncCenter.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\aswServ.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Alwil Software\Avast4\aswWebSv.exe
c:\program files\Alwil Software\Avast4\aswMaiSv.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Audible\Bin\AudibleDownloadHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\renostar\ziuserv.exe
c:\program files\Hotspot Shield\bin\openvpntray.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Gladinet\Gladinet Cloud Desktop\GladinetClient.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Gladinet\Gladinet Cloud Desktop\GladinetPluginHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
c:\program files\Gladinet\Gladinet Cloud Desktop\SkyDriveLogin.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-24  15:12:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-24 13:12
.
Vor Suchlauf: 15 Verzeichnis(se), 14.812.995.584 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 14.906.855.424 Bytes frei
.
- - End Of File - - FCC75EDC9FC90B7CB2E4A71885F02240

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
Hat es was zu bedeuten, dass beim Neustart zweimal eine Warnung kam: "Sie sind im Begriff sich Seiten über eine sichere Verbindung anzeigen zu lassen"? Offenbar eine Meldung des Interner Explorers, den ich aber nicht bewusst starte oder verwende

Herzlichen Dank!!

schrauber 25.09.2014 08:49
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

lawman99 25.09.2014 10:14
Hallo Schrauber,
vielen Dank für die Hilfestellung. Ich habe mal eine "Zwischen-Spende" gemacht. Hier also die Ergebnisse der Scans:

1. Malware
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.09.2014
Suchlauf-Zeit: 10:09:07
Logdatei: Malware_25_09_2014.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.25.03
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: User1

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 449347
Verstrichene Zeit: 14 Min, 29 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1903734357-4184266498-2229017531-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Keine Aktion durch Benutzer, [6f68c0313546e155733508306a9955ab],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1903734357-4184266498-2229017531-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, Keine Aktion durch Benutzer, [def9cd24c6b5092d901439d06d96c13f],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1903734357-4184266498-2229017531-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Keine Aktion durch Benutzer, [637406ebff7c8ea8f768a9848e755fa1],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-1903734357-4184266498-2229017531-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?SearchSource=10&ctid=CT2269050&CUI=UN13549586332807810, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com/?SearchSource=10&ctid=CT2269050&CUI=UN13549586332807810),Keine Aktion durch Benutzer,[2cabeb06dc9ff3434bdf51b264a1dc24]

Ordner: 7
PUP.Optional.OpenCandy, C:\Users\User1\AppData\Roaming\OpenCandy, Keine Aktion durch Benutzer, [06d1cc254d2e6ec8a1c5fddda75b8d73],
PUP.Optional.OpenCandy, C:\Users\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B, Keine Aktion durch Benutzer, [06d1cc254d2e6ec8a1c5fddda75b8d73],
PUP.Optional.OpenCandy, C:\Users\User1\AppData\Roaming\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E, Keine Aktion durch Benutzer, [06d1cc254d2e6ec8a1c5fddda75b8d73],
PUP.Optional.OpenCandy, C:\Users\User1\AppData\Roaming\OpenCandy\C80BF59B86A948AFB6CE07F26276EFD4, Keine Aktion durch Benutzer, [06d1cc254d2e6ec8a1c5fddda75b8d73],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\tmp, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],

Dateien: 46
PUP.Optional.OpenCandy.A, C:\Users\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe, Keine Aktion durch Benutzer, [a33421d0c2b98fa7d2019c8152afdb25],
PUP.Optional.OpenCandy.A, C:\Users\User1\AppData\Roaming\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe, Keine Aktion durch Benutzer, [91463eb3780360d69e3508152dd452ae],
PUP.Optional.Conduit.A, C:\Users\User1\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe, Keine Aktion durch Benutzer, [6d6ac22ff68558defa1be37550b12fd1],
PUP.Optional.Conduit.A, C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe, Keine Aktion durch Benutzer, [7c5ba54ce794b4826ff951cd28d8669a],
PUP.Optional.Conduit.A, C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper1.exe, Keine Aktion durch Benutzer, [8b4c955c1c5f92a43f29dd4149b73ac6],
PUP.Optional.OutBrowse, C:\Users\User1\Downloads\setup (1).exe, Keine Aktion durch Benutzer, [6374826fef8cc571a58fb6d056ae6c94],
PUP.Optional.OutBrowse, C:\Users\User1\Downloads\setup.exe, Keine Aktion durch Benutzer, [3f987d74f784e650a78dff87c53fa55b],
PUP.Optional.Softonic.A, C:\Users\User1\Downloads\SoftonicDownloader_fuer_iringer.exe, Keine Aktion durch Benutzer, [4e89aa476912f244067519184cb5867a],
PUP.Optional.OutBrowse, C:\Users\User1\Downloads\setup (2).exe, Keine Aktion durch Benutzer, [4d8aa54ca9d2d462f73d5a2ccc380ef2],
PUP.Optional.iBryte, C:\Users\User1\Downloads\java_setup.exe, Keine Aktion durch Benutzer, [20b7c130d1aa4cea269fe3ca4fb28d73],
PUP.Optional.Conduit.A, C:\Users\User1\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe, Keine Aktion durch Benutzer, [35a239b87803e452a6c2df3fb749db25],
PUP.Optional.Conduit.A, C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\searchplugins\conduit.xml, Keine Aktion durch Benutzer, [03d4559cc1ba88ae15698fa40bf8ce32],
PUP.Optional.OpenCandy, C:\Users\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\3209.ico, Keine Aktion durch Benutzer, [06d1cc254d2e6ec8a1c5fddda75b8d73],
PUP.Optional.OpenCandy, C:\Users\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe, Keine Aktion durch Benutzer, [06d1cc254d2e6ec8a1c5fddda75b8d73],
PUP.Optional.OpenCandy, C:\Users\User1\AppData\Roaming\OpenCandy\C80BF59B86A948AFB6CE07F26276EFD4\version512e990dafdb7.exe, Keine Aktion durch Benutzer, [06d1cc254d2e6ec8a1c5fddda75b8d73],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\1.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\7031.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\a.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\b.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\c.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\d.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\e.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\f.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\g.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\h.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\i.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\j.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\k.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\l.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\m.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\n.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\o.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\p.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\q.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\r.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\s.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\t.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\u.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\v.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\w.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\wlu.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\x.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\y.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
PUP.Optional.PriceGong.A, C:\Users\User1\AppData\LocalLow\PriceGong\Data\z.txt, Keine Aktion durch Benutzer, [c80f777a9cdf4bebc51e57861be75ea2],
Trojan.Agent.EDFK, d:\Downloads\wichtige_0676.zip, In Quarantäne, [29aebd343645d264676fe2e150b1837d],
Trojan.Agent.EDFK, d:\\settings\wichtige_0676.zip, In Quarantäne, [f4e3668b05762f071db94f7488797789],

Physische Sektoren: 0
(No malicious items detected)


(end)
2. AdwCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.310 - Bericht erstellt am 25/09/2014 um 10:43:08
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : User1 - User1-HP
# Gestartet von : C:\Users\User1\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : hsstrayservice
Dienst Gelöscht : hsswd

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\hotspot shield
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files\hotspot shield
Ordner Gelöscht : C:\Program Files\NCH Software
Ordner Gelöscht : C:\Windows\system32\hotspot shield
Ordner Gelöscht : D:\\Updater
Ordner Gelöscht : C:\Users\User1\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\User1\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\User1\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\User1\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\User1\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\User1\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\User1\AppData\Roaming\software4u
Ordner Gelöscht : C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Conduit
Ordner Gelöscht : C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\ConduitCommon
Ordner Gelöscht : C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\StumbleUpon
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Datei Gelöscht : C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
Datei Gelöscht : C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Datei Gelöscht : C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdateHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdateHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader96007_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader96007_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A705BA26-B08A-453F-BACE-99FCDDE91FB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A705BA26-B08A-453F-BACE-99FCDDE91FB3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A705BA26-B08A-453F-BACE-99FCDDE91FB3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52713A0A-2E68-4803-B9D4-94E1B4ED8376}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1028397E-66F8-4B12-8534-C78FFF6E8511}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\hotspotshield
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\hotspotshield
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\prefs.js ]

Zeile gelöscht : user_pref("CT2269050..clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true);
Zeile gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.CurrentServerDate", "17-10-2011");
Zeile gelöscht : user_pref("CT2269050.DSInstall", true);
Zeile gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Mon Oct 17 2011 09:31:24 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Mon Oct 17 2011 10:52:08 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.FirstServerDate", "17-10-2011");
Zeile gelöscht : user_pref("CT2269050.FirstTime", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2269050.HPChangedManually", false);
Zeile gelöscht : user_pref("CT2269050.HPInstall", false);
Zeile gelöscht : user_pref("CT2269050.HPProtectChoice", true);
Zeile gelöscht : user_pref("CT2269050.HPProtectCount", 2);
Zeile gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2269050.HomePageProtectorEnabled", false);
Zeile gelöscht : user_pref("CT2269050.Initialize", true);
Zeile gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Zeile gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2269050.InstalledDate", "Mon Oct 17 2011 09:31:23 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2269050.IsAlertDBUpdated", true);
Zeile gelöscht : user_pref("CT2269050.IsGrouping", false);
Zeile gelöscht : user_pref("CT2269050.IsInitSetupIni", true);
Zeile gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Zeile gelöscht : user_pref("CT2269050.IsProtectorsInit", true);
Zeile gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Oct 17 2011 09:31:25 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.7.0.6", "Mon Oct 17 2011 09:31:28 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LatestVersion", "3.7.0.6");
Zeile gelöscht : user_pref("CT2269050.Locale", "en");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT2269050.OriginalFirstVersion", "3.7.0.6");
Zeile gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Mon Oct 17 2011 09:31:24 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Zeile gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Zeile gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Zeile gelöscht : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Zeile gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Zeile gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Zeile gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://www.spiegel.de/|hxxps://www.facebook.com/|hxxp://www.zeit.de/index|hxxp://www.faz.net/s/homepage.html|hxxp://www.psasquashtv.com/page/Home/");
Zeile gelöscht : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Oct 17 2011 09:31:28 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.SearchProtectorEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Zeile gelöscht : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Zeile gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Mon Oct 17 2011 09:31:20 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Mon Oct 17 2011 09:31:21 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1314606801");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Oct 17 2011 09:31:20 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Zeile gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2269050.Uninstall", true);
Zeile gelöscht : user_pref("CT2269050.UserID", "UN78443209048120836");
Zeile gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Zeile gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Zeile gelöscht : user_pref("CT2269050.WeatherPollDate", "Mon Oct 17 2011 10:31:26 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B445D4B4C504A6259646C787A2[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E716B7374443A384336423C3C204A4A2F77317B232225362D382A5A4C4B59564D345E5E432C45303638354A414C3B5B6F665E6E62626E68684C76765B445D484E505162596426562[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B2[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D706A6B716F6F7774");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737670717775757D7A242F4B49474F42357D5D5C3D");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B66732[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj7;chgjd$nn", "247E61393F236B25717277732A212C6E414F444D327A3443474F54535650305A5A3F364124615651595457514A334C2B2B4F465134717462563F584A4A5B525D406C6D76624[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6E414F444D327A344352574757532F5A4F515C4C594F3762575A473E492C58545E6A4F38513C534A553864656E5A435C4B5E5[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A63525557526[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C2473737[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A312833474745544646494D50315C5154412A4333323131483F4A5E5E5C5B68706E726762676264756B6C6A6A517C7174614A63535251506[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F6259647927252[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F742[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D66575[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A474D4D5E55607971246E7778257[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B66212[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C786A517C7174614A6355544F566[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E675[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C6557566[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215642542D584D503D263F2D2E2E2E443B4635645E6669595C6062686F5C7363716F696467764F7A6F725F48614F50504F665D6[...]
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g>d", "6B676A6F416F6C747A71437545207D49204F25517C20522A7E2228272B2A25262C2A2D30");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6E6A68707374757677");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484777213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "673C3C6E417142767A727872457C7A4C4D7E222120");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D706A6B716F706F6F74717B");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Zeile gelöscht : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Zeile gelöscht : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Mon Oct 17 2011 09:31:23 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2269050.initDone", true);
Zeile gelöscht : user_pref("CT2269050.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("CT2269050.isFirstRadioInstallation", false);
Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2269050.testingCtid", "");
Zeile gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Mon Oct 17 2011 09:31:23 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Mon Oct 17 2011 09:31:24 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.usagesFlag", 2);
Zeile gelöscht : user_pref("CT2801937..clientLogIsEnabled", true);
Zeile gelöscht : user_pref("CT2801937.CTID", "CT2801937");
Zeile gelöscht : user_pref("CT2801937.CurrentServerDate", "29-4-2011");
Zeile gelöscht : user_pref("CT2801937.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2801937.DialogsGetterLastCheckTime", "Wed Mar 30 2011 08:50:18 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2801937.EMailNotifierPollDate", "Fri Apr 29 2011 20:37:10 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.FirstServerDate", "30-3-2011");
Zeile gelöscht : user_pref("CT2801937.FirstTime", true);
Zeile gelöscht : user_pref("CT2801937.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2801937.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2801937.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2801937.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2801937.Initialize", true);
Zeile gelöscht : user_pref("CT2801937.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2801937.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2801937.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2801937.InstalledDate", "Wed Mar 30 2011 08:50:18 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.InvalidateCache", false);
Zeile gelöscht : user_pref("CT2801937.IsGrouping", false);
Zeile gelöscht : user_pref("CT2801937.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2801937.IsOpenThankYouPage", true);
Zeile gelöscht : user_pref("CT2801937.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2801937.LanguagePackLastCheckTime", "Fri Apr 29 2011 20:37:11 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2801937.LastLogin_3.3.3.2", "Fri Apr 29 2011 20:37:12 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.LatestVersion", "3.2.5.2");
Zeile gelöscht : user_pref("CT2801937.Locale", "de");
Zeile gelöscht : user_pref("CT2801937.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2801937.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2801937.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2801937.RadioIsPodcast", false);
Zeile gelöscht : user_pref("CT2801937.RadioLastCheckTime", "Fri Apr 29 2011 20:37:10 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.RadioLastUpdateIPServer", "3");
Zeile gelöscht : user_pref("CT2801937.RadioLastUpdateServer", "129343918668070000");
Zeile gelöscht : user_pref("CT2801937.RadioMediaID", "21560175");
Zeile gelöscht : user_pref("CT2801937.RadioMediaType", "Media Player");
Zeile gelöscht : user_pref("CT2801937.RadioMenuSelectedID", "EBRadioMenu_CT280193721560175");
Zeile gelöscht : user_pref("CT2801937.RadioStationName", "GermanyFM%20Info");
Zeile gelöscht : user_pref("CT2801937.RadioStationURL", "hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680");
Zeile gelöscht : user_pref("CT2801937.SavedHomepage", "hxxp://www.spiegel.de/");
Zeile gelöscht : user_pref("CT2801937.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2801937.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2801937.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2801937.SearchInNewTabLastCheckTime", "Fri Apr 29 2011 20:37:10 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.SearchInNewTabUserEnabled", false);
Zeile gelöscht : user_pref("CT2801937.ServiceMapLastCheckTime", "Fri Apr 29 2011 20:37:10 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.SettingsLastCheckTime", "Fri Apr 29 2011 20:37:09 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.SettingsLastUpdate", "1301829146");
Zeile gelöscht : user_pref("CT2801937.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2801937.ThirdPartyComponentsLastCheck", "Fri Apr 29 2011 20:37:09 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.ThirdPartyComponentsLastUpdate", "1255348257");
Zeile gelöscht : user_pref("CT2801937.Uninstall", true);
Zeile gelöscht : user_pref("CT2801937.UserID", "UN19771343039345823");
Zeile gelöscht : user_pref("CT2801937.alertChannelId", "1194019");
Zeile gelöscht : user_pref("CT2801937.globalFirstTimeInfoLastCheckTime", "Fri Apr 29 2011 20:37:11 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("CT2801937.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2801937.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2801937.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2801937.oldAppsList", "129306877456538355,129306877457319611,129306877459819678,129306877459975929,129306877474350280,129306877468568933,1000082,3417309205081578780,129343848530919600,100[...]
Zeile gelöscht : user_pref("CT2801937.testingCtid", "");
Zeile gelöscht : user_pref("CT2801937.toolbarAppMetaDataLastCheckTime", "Fri Apr 29 2011 20:37:11 GMT+0200");
Zeile gelöscht : user_pref("CT2801937.toolbarContextMenuLastCheckTime", "Wed Mar 30 2011 08:50:19 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2801937");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{b106b661-3e1b-4015-af5c-195e909f35c6}");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "nch_de");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_ffcd7baf", "356x332");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2801937,CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2801937,CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Apr 21 2011 16:28:04 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Apr 29 2011 09:13:39 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Apr 29 2011 09:13:31 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "489286fb-3612-451b-9199-21f32bff4ba5");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "b19c932e-784c-4f1f-a386-bedfd8001cfa");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Oct 17 2011 09:31:24 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Oct 17 2011 10:31:32 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Oct 17 2011 09:31:21 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "6d52a477-c5e3-4ce4-bf18-c9a1c4925fa5");
Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.spiegel.de/|hxxps://www.facebook.com/|hxxp://www.zeit.de/index|hxxp://www.faz.net/s/homepage.html|hxxp://www.psasquashtv.com/page/Home/");
Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");

-\\ Google Chrome v

[ Datei : C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [34797 octets] - [25/09/2014 10:38:27]
AdwCleaner[S0].txt - [33367 octets] - [25/09/2014 10:43:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33428 octets] ##########
--- --- ---

[/CODE]

3. JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Professional x86
Ran by User1 on 25.09.2014 at 10:51:21,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\GTaskMMC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\GTaskMMC_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Users\User1\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\User1\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\User1\music\qtrax media library"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\User1\AppData\Roaming\mozilla\firefox\profiles\9we27dqw.default\extensions\staged
Emptied folder: C:\Users\User1\AppData\Roaming\mozilla\firefox\profiles\9we27dqw.default\minidumps [58 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.09.2014 at 10:53:18,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4. FRST:

a) FRST.txt


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by User1 (administrator) on ZEEH-HP on 25-09-2014 10:56:50
Running from C:\Users\User1\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswServ.exe
() C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\AvAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswDisp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
() C:\Program Files\AirVideoServer\AirVideoServer.exe
(1&1 Mail & Media GmbH) C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(ReNoStar GmbH) C:\Renostar\ziuboost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ReNoStar GmbH) C:\Renostar\ziuserv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\aswDisp.exe [81000 2010-02-18] (ALWIL Software)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe [315392 2009-05-19] (May Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [AirVideoServer] => C:\Program Files\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [WEB.DE_WEB.DE SmartDrive Manager] => C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE [1259624 2011-11-21] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1903734357-4184266498-2229017531-1005\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RenoBoost.lnk
ShortcutTarget: RenoBoost.lnk -> C:\Renostar\ziuboost.exe (ReNoStar GmbH)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: NTFSLink_Hardlink -> {0314E3A0-45DB-4D75-BB86-27B8EF28907B} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer)
ShellIconOverlayIdentifiers: NTFSLink_Junction -> {61702EF5-1B33-487F-995F-6FA23F1D6652} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {959BE5A4-EE6C-421B-BCF4-D90E4D8F869C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.253
Tcpip\..\Interfaces\{9070C6BC-FDE8-47DC-990D-F527F074EC3D}: [NameServer] 192.168.0.250

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.spiegel.de/|hxxp://www.rollingstone.de/|hxxp://www.zeit.de/index|https://secure-squashtv.premiumtv.co.uk/page/secure/BuyNow/?schemeAndHost=http%3A%2F%2Fwww.psasquashtv.com|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1335336225&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fskydrive.live.com%2F%3Flc%3D1031&lc=1031&id=250206&mkt=de-DE&cbcxt=sky
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Разпознаване на устройство Logitech - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\DeviceDetection@logitech.com [2011-10-19]
FF Extension: Free Download Manager plugin - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-13]
FF Extension: Xmarks - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\foxmarks@kei.com [2014-09-22]
FF Extension: KeeFox - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\keefox@chris.tomlinson [2014-09-22]
FF Extension: facebookvideo - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{43c35458-c907-439b-bcfd-07d373834689} [2010-06-25]
FF Extension: FT SleekDark - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012-05-09]
FF Extension: Aviary - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408} [2011-12-17]
FF Extension: Embedded Objects - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\firefox@red-cog.com.xpi [2012-01-24]
FF Extension: Facebook Privacy Watcher - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fpw@informatik.tu-darmstadt.de.xpi [2012-11-09]
FF Extension: MozRepl - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\mozrepl@hyperstruct.net.xpi [2011-07-26]
FF Extension: MyPermissions Cleaner - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{6140bbfd-aa20-11e1-aba7-109add603214}.xpi [2014-01-10]
FF Extension: StumbleUpon - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-10-26]
FF Extension: Menu Editor - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2011-03-14]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-24]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.spiegel.de/
CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://www.zeit.de/index", "https://startpage.com/deu/"
CHR DefaultSearchKeyword: Default -> 322926C86E96565B5B186D0D93824BA7109A5AB72F38EEFF449414F716A6F639
CHR DefaultSearchURL: Default -> 431FA44896D609C9D05DAD0EBC81671B01516EE64A9157C9D94B71F353B0BCD8
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (ClickPotatoLite Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-21]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-01]
CHR Extension: (Google-Suche) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-01]
CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Evernote Web Clipper) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2010-09-30]
CHR Extension: (Google Mail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-01]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THOMAS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR StartMenuInternet: Google Chrome - C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2010-02-18] (ALWIL Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [138680 2010-02-18] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [254040 2010-02-18] (ALWIL Software)
R2 avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [52160 2010-02-18] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [352920 2010-02-18] (ALWIL Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH)
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-07-16] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-09] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-05-20] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [549184 2007-10-26] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\Windows\System32\DRIVERS\aswFsBlk.sys [20560 2010-02-18] (ALWIL Software)
R2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [53328 2010-02-18] (ALWIL Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23120 2010-02-18] (ALWIL Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [114768 2010-02-18] (ALWIL Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [48624 2010-02-18] (ALWIL Software)
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1269760 2010-05-19] (Atheros Communications, Inc.) [File not signed]
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-04-20] (Atheros Communications, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 MOBIOLA_Wave; C:\Windows\System32\drivers\mobiolawave.sys [25024 2010-05-14] (SHAPE Services)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2010-09-28] (Sonic Solutions) [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-11-23] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-21] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2012-03-06] (Acronis)
R1 uiwbrdr; C:\Windows\System32\DRIVERS\uiwbrdr.sys [144896 2011-11-21] (1&1 Mail & Media GmbH) [File not signed]
R3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [16640 2008-11-19] (Wondershare) [File not signed]
S3 catchme; \??\C:\Users\THOMAS~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 10:53 - 2014-09-25 10:55 - 00001433 _____ () C:\Users\User1\Desktop\JRT.txt
2014-09-25 10:51 - 2014-09-25 10:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 10:50 - 2014-09-25 10:50 - 01024790 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe
2014-09-25 10:48 - 2014-09-25 10:48 - 00033390 _____ () C:\Users\User1\Desktop\AdwCleaner[S0].txt
2014-09-25 10:45 - 2014-09-25 10:45 - 00000022 _____ () C:\Windows\S.dirmngr
2014-09-25 10:38 - 2014-09-25 10:43 - 00000000 ____D () C:\AdwCleaner
2014-09-25 10:33 - 2014-09-25 10:35 - 00010138 _____ () C:\Users\User1\Desktop\Malware_25_09_2014.txt
2014-09-25 10:19 - 2014-09-25 10:19 - 01373475 _____ () C:\Users\User1\Desktop\AdwCleaner_3.310.exe
2014-09-24 18:10 - 2014-05-17 04:33 - 00039624 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-09-24 18:07 - 2014-09-24 18:07 - 00001006 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-09-24 17:42 - 2014-09-24 17:42 - 00000000 ____D () C:\Users\User1\AppData\Roaming\WinPatrol
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\Program Files\Ruiware
2014-09-24 17:36 - 2014-09-24 17:36 - 01156136 _____ (Ruiware) C:\Users\User1\Desktop\wpsetup.exe
2014-09-24 15:12 - 2014-09-24 15:12 - 00036320 _____ () C:\ComboFix.txt
2014-09-24 14:42 - 2014-09-24 15:12 - 00000000 ____D () C:\Qoobox
2014-09-24 14:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-24 14:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-24 14:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-24 14:41 - 2014-09-24 15:10 - 00000000 ____D () C:\Windows\erdnt
2014-09-24 14:38 - 2014-09-24 14:38 - 05579290 ____R (Swearware) C:\Users\User1\Desktop\ComboFix.exe
2014-09-24 09:50 - 2014-09-24 09:50 - 00006570 _____ () C:\Users\User1\Desktop\GMER_24_09_2014.log
2014-09-24 08:59 - 2014-09-24 08:59 - 00380416 _____ () C:\Users\User1\Desktop\Gmer-19357.exe
2014-09-24 08:42 - 2014-09-25 10:57 - 00027187 _____ () C:\Users\User1\Desktop\FRST.txt
2014-09-24 08:42 - 2014-09-25 10:56 - 00000000 ____D () C:\FRST
2014-09-24 08:41 - 2014-09-24 08:41 - 01098240 _____ (Farbar) C:\Users\User1\Desktop\FRST.exe
2014-09-24 08:40 - 2014-09-24 08:40 - 00000000 _____ () C:\Users\User1\defogger_reenable
2014-09-24 08:39 - 2014-09-24 08:39 - 00050477 _____ () C:\Users\User1\Desktop\Defogger.exe
2014-09-24 08:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 17:57 - 2014-09-23 18:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-23 17:56 - 2014-09-23 18:52 - 00000000 ____D () C:\Users\User1\Desktop\mbar
2014-09-23 17:14 - 2014-09-25 10:46 - 00000000 ___RD () C:\Users\User1\iCloudDrive
2014-09-23 17:12 - 2014-09-25 10:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 17:11 - 2014-09-23 17:56 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-23 17:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 17:00 - 2014-09-23 17:00 - 00000000 ____D () C:\Users\User1\AppData\Local\Apple Inc
2014-09-23 15:05 - 2014-09-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-22 18:54 - 2014-09-22 18:54 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884 (1).msi
2014-09-22 18:53 - 2014-09-22 18:53 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884.msi
2014-09-22 18:33 - 2014-09-22 18:36 - 117536504 _____ (Microsoft Corporation) C:\Users\User1\Downloads\msert.exe
2014-09-22 18:24 - 2014-09-22 18:24 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Simply Super Software
2014-09-22 18:00 - 2014-09-24 14:57 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-22 18:00 - 2014-09-22 18:00 - 00001101 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-09-22 17:58 - 2014-09-22 17:59 - 21657592 _____ (Simply Super Software ) C:\Users\User1\Downloads\trjsetup691.exe
2014-09-22 17:31 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Yzuxri
2014-09-17 13:17 - 2014-09-17 13:17 - 00000000 ____D () C:\Users\User1\Desktop\temp_files
2014-09-11 12:47 - 2014-09-15 11:05 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-11 03:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:14 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:14 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:14 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:14 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:14 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 02:20 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 02:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 02:19 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 02:19 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 02:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 02:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 09:49 - 2014-09-10 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\Program Files\iPod
2014-09-05 11:52 - 2014-09-05 11:52 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Opera
2014-09-03 15:59 - 2014-09-03 15:59 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-28 09:15 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:15 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 10:57 - 2014-09-24 08:42 - 00027187 _____ () C:\Users\User1\Desktop\FRST.txt
2014-09-25 10:56 - 2014-09-24 08:42 - 00000000 ____D () C:\FRST
2014-09-25 10:56 - 2010-09-22 17:04 - 00000041 _____ () C:\Windows\Filzip.ini
2014-09-25 10:55 - 2014-09-25 10:53 - 00001433 _____ () C:\Users\User1\Desktop\JRT.txt
2014-09-25 10:52 - 2012-04-25 08:38 - 00000000 ___RD () C:\Users\User1\SkyDrive
2014-09-25 10:52 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 10:52 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 10:51 - 2014-09-25 10:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 10:50 - 2014-09-25 10:50 - 01024790 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe
2014-09-25 10:50 - 2010-04-26 17:11 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Skype
2014-09-25 10:49 - 2010-05-31 10:28 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job
2014-09-25 10:48 - 2014-09-25 10:48 - 00033390 _____ () C:\Users\User1\Desktop\AdwCleaner[S0].txt
2014-09-25 10:48 - 2010-04-21 17:19 - 01093111 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 10:47 - 2011-02-16 19:01 - 00000000 ____D () C:\jexepackres
2014-09-25 10:46 - 2014-09-23 17:14 - 00000000 ___RD () C:\Users\User1\iCloudDrive
2014-09-25 10:46 - 2012-04-30 14:50 - 00000000 ___RD () C:\Users\User1\Google Drive
2014-09-25 10:46 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Dropbox
2014-09-25 10:45 - 2014-09-25 10:45 - 00000022 _____ () C:\Windows\S.dirmngr
2014-09-25 10:45 - 2010-07-12 16:46 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 10:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 10:44 - 2014-08-14 09:09 - 00008308 _____ () C:\Windows\PFRO.log
2014-09-25 10:44 - 2014-03-06 11:50 - 00007592 _____ () C:\Windows\setupact.log
2014-09-25 10:44 - 2010-04-21 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-25 10:43 - 2014-09-25 10:38 - 00000000 ____D () C:\AdwCleaner
2014-09-25 10:37 - 2010-07-12 16:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 10:35 - 2014-09-25 10:33 - 00010138 _____ () C:\Users\User1\Desktop\Malware_25_09_2014.txt
2014-09-25 10:31 - 2014-09-23 17:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 10:27 - 2010-12-06 17:08 - 00000000 ____D () C:\Windows\Msagent
2014-09-25 10:19 - 2014-09-25 10:19 - 01373475 _____ () C:\Users\User1\Desktop\AdwCleaner_3.310.exe
2014-09-25 10:14 - 2012-06-26 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 09:58 - 2009-07-25 14:54 - 01629442 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 09:03 - 2014-02-20 10:19 - 00002215 _____ () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-24 20:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 20:00 - 2012-04-20 18:40 - 00000000 ____D () C:\Users\User1\Downloads\iPod Photo Cache
2014-09-24 18:07 - 2014-09-24 18:07 - 00001006 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-09-24 17:42 - 2014-09-24 17:42 - 00000000 ____D () C:\Users\User1\AppData\Roaming\WinPatrol
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\Program Files\Ruiware
2014-09-24 17:36 - 2014-09-24 17:36 - 01156136 _____ (Ruiware) C:\Users\User1\Desktop\wpsetup.exe
2014-09-24 16:49 - 2010-05-31 10:28 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job
2014-09-24 16:22 - 2010-08-30 09:05 - 00000000 ____D () C:\Users\User1\AppData\Local\Gladinet
2014-09-24 15:12 - 2014-09-24 15:12 - 00036320 _____ () C:\ComboFix.txt
2014-09-24 15:12 - 2014-09-24 14:42 - 00000000 ____D () C:\Qoobox
2014-09-24 15:12 - 2010-10-26 09:00 - 00000000 ____D () C:\Users\Transfer
2014-09-24 15:12 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-09-24 15:12 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-24 15:10 - 2014-09-24 14:41 - 00000000 ____D () C:\Windows\erdnt
2014-09-24 15:05 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-24 15:01 - 2011-04-19 10:32 - 00000000 ____D () C:\Program Files\You Ripper
2014-09-24 14:57 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-24 14:38 - 2014-09-24 14:38 - 05579290 ____R (Swearware) C:\Users\User1\Desktop\ComboFix.exe
2014-09-24 09:50 - 2014-09-24 09:50 - 00006570 _____ () C:\Users\User1\Desktop\GMER_24_09_2014.log
2014-09-24 08:59 - 2014-09-24 08:59 - 00380416 _____ () C:\Users\User1\Desktop\Gmer-19357.exe
2014-09-24 08:41 - 2014-09-24 08:41 - 01098240 _____ (Farbar) C:\Users\User1\Desktop\FRST.exe
2014-09-24 08:40 - 2014-09-24 08:40 - 00000000 _____ () C:\Users\User1\defogger_reenable
2014-09-24 08:40 - 2012-01-16 18:10 - 00000000 ____D () C:\Program Files\Free Download Manager
2014-09-24 08:40 - 2010-04-21 17:44 - 00000000 ____D () C:\Users\User1
2014-09-24 08:39 - 2014-09-24 08:39 - 00050477 _____ () C:\Users\User1\Desktop\Defogger.exe
2014-09-23 18:52 - 2014-09-23 17:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-23 18:52 - 2014-09-23 17:56 - 00000000 ____D () C:\Users\User1\Desktop\mbar
2014-09-23 17:56 - 2014-09-23 17:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 17:45 - 2010-04-21 18:46 - 00000000 ____D () C:\Windows\PCHEALTH
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-23 17:11 - 2012-07-05 16:13 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Malwarebytes
2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 17:00 - 2014-09-23 17:00 - 00000000 ____D () C:\Users\User1\AppData\Local\Apple Inc
2014-09-23 17:00 - 2010-04-26 17:01 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Apple Computer
2014-09-23 15:05 - 2014-09-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-23 00:00 - 2010-04-21 17:25 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-22 18:54 - 2014-09-22 18:54 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884 (1).msi
2014-09-22 18:53 - 2014-09-22 18:53 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884.msi
2014-09-22 18:36 - 2014-09-22 18:33 - 117536504 _____ (Microsoft Corporation) C:\Users\User1\Downloads\msert.exe
2014-09-22 18:24 - 2014-09-22 18:24 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Simply Super Software
2014-09-22 18:00 - 2014-09-22 18:00 - 00001101 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-09-22 17:59 - 2014-09-22 17:58 - 21657592 _____ (Simply Super Software ) C:\Users\User1\Downloads\trjsetup691.exe
2014-09-22 17:39 - 2013-12-02 09:54 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUser1.job
2014-09-22 17:31 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Yzuxri
2014-09-22 15:21 - 2010-10-08 14:43 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-09-22 15:01 - 2010-10-04 15:51 - 00001038 _____ () C:\Users\User1\Desktop\Dropbox.lnk
2014-09-22 15:01 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 14:56 - 2011-06-29 15:35 - 00000000 ____D () C:\Users\User1\AppData\Local\PokerStars.EU
2014-09-19 14:56 - 2010-04-21 19:40 - 00000000 ____D () C:\Program Files\Holdem Indicator
2014-09-18 06:51 - 2010-05-31 10:29 - 00002393 _____ () C:\Users\User1\Desktop\Google Chrome.lnk
2014-09-17 14:42 - 2014-07-11 11:41 - 00000000 ____D () C:\Users\User1\AppData\Roaming\iFunbox_UserCache
2014-09-17 13:17 - 2014-09-17 13:17 - 00000000 ____D () C:\Users\User1\Desktop\temp_files
2014-09-16 09:01 - 2012-04-27 10:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-15 11:05 - 2014-09-11 12:47 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-15 09:06 - 2010-04-21 18:33 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 03:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 03:14 - 2013-08-20 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:04 - 2014-05-06 20:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 03:04 - 2011-08-23 11:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 14:14 - 2012-06-26 10:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 14:14 - 2012-06-26 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 09:49 - 2014-09-10 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:49 - 2014-07-22 11:30 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 09:48 - 2011-01-24 22:12 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:48 - 2010-04-26 16:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-09 23:47 - 2014-09-24 08:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 15:57 - 2010-10-10 22:46 - 00007602 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg
2014-09-05 11:52 - 2014-09-05 11:52 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Opera
2014-09-05 11:52 - 2009-07-14 04:04 - 00000520 _____ () C:\Windows\win.ini
2014-09-05 03:52 - 2014-09-11 02:19 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-11 02:19 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 16:38 - 2011-06-29 15:35 - 00000000 ____D () C:\Program Files\PokerStars
2014-09-03 15:59 - 2014-09-03 15:59 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-03 15:59 - 2010-04-26 17:10 - 00000000 ____D () C:\ProgramData\Skype
2014-08-29 03:21 - 2009-07-14 06:33 - 00539384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 09:19 - 2010-12-02 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReNoStar
2014-08-26 09:16 - 2010-12-02 12:36 - 00000000 ____D () C:\Renostar

Some content of TEMP:
====================
C:\Users\User1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbazx2i.dll
C:\Users\User1\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 19:39

==================== End Of Log ============================
--- --- ---

--- --- ---

[/CODE]

Für die Addition.txt war kein Platz mehr. Ich hänge die mal vorsichtshalber an.
Vielen Dank nochmal für die Hilfe. Ich hoffe, wir nähern uns der endgültigen Bereinigung ;-)

Gruß
Thomas

schrauber 25.09.2014 13:14

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

lawman99 26.09.2014 09:12
Hallo Schrauber,
anbei die Logs. SecurityCheck meldet, dass mein Betriebssystem nicht unterstützt wird..
Ansonsten gibt es keine aktuellen Probleme, ich will aber sicher sein, dass die Seuche vom Computer ist. Vielen Dank!!

1. ESET:
Code:
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe.vir        Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper1.exe.vir        Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\hk64tbDVD0.dll.vir        Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\hk64tbDVD2.dll.vir        Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\hktbDVD0.dll.vir        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\hktbDVD2.dll.vir        Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\ldrtbDVD0.dll.vir        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\ldrtbDVD2.dll.vir        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\prxtbDVD0.dll.vir        Win32/Toolbar.Conduit.N evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\prxtbDVD2.dll.vir        Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\tbDVD0.dll.vir        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\tbDVD2.dll.vir        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\tbDVDV.dll.vir        Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe.vir        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD0.dll.vir        Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD2.dll.vir        Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\hktbDVD0.dll.vir        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\hktbDVD2.dll.vir        Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll.vir        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD2.dll.vir        Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll.vir        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll.vir        Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\tbDVD2.dll.vir        Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir        Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir        Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe.vir        Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Documents and Settings\Thomas Zeeh\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe        Variante von Win32/HotSpotShield evtl. unerwünschte Anwendung
C:\Documents and Settings\Thomas Zeeh\Downloads\java_setup.exe        Win32/AdWare.iBryte.AW Anwendung
C:\Documents and Settings\Thomas Zeeh\Downloads\setup (1).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Documents and Settings\Thomas Zeeh\Downloads\setup (2).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Documents and Settings\Thomas Zeeh\Downloads\setup.exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Documents and Settings\Thomas Zeeh\Downloads\SoftonicDownloader_fuer_iringer.exe        Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\Thomas Zeeh\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe        Variante von Win32/HotSpotShield evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\Thomas Zeeh\Downloads\java_setup.exe        Win32/AdWare.iBryte.AW Anwendung
C:\Dokumente und Einstellungen\Thomas Zeeh\Downloads\setup (1).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\Thomas Zeeh\Downloads\setup (2).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\Thomas Zeeh\Downloads\setup.exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\Thomas Zeeh\Downloads\SoftonicDownloader_fuer_iringer.exe        Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi evtl. unerwünschte Anwendung
C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi evtl. unerwünschte Anwendung
C:\Qoobox\Quarantine\C\Users\Thomas Zeeh\AppData\Roaming\Ryxui\gyup.exe.vir        Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Users\Thomas Zeeh\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe        Variante von Win32/HotSpotShield evtl. unerwünschte Anwendung
C:\Users\Thomas Zeeh\Downloads\java_setup.exe        Win32/AdWare.iBryte.AW Anwendung
C:\Users\Thomas Zeeh\Downloads\setup (1).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Users\Thomas Zeeh\Downloads\setup (2).exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Users\Thomas Zeeh\Downloads\setup.exe        Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Users\Thomas Zeeh\Downloads\SoftonicDownloader_fuer_iringer.exe        Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung
D:\wichtige_0676.zip        Variante von Win32/Kryptik.CLUJ Trojaner
D:\Downloads\cnet2_powertab_zip.exe        Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung
D:\Downloads\FreeVideoToDVDConverter.exe        Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeToMP3Converter(1).exe        Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung
D:\Downloads\FreeYouTubeToMP3Converter.exe        Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung
D:\Downloads\iLividSetup-r563-n-bf.exe        Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung
D:\Downloads\Integrated_CT2325506.exe        Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
D:\Downloads\Mv2%20Player.exe        MSIL/Solimba evtl. unerwünschte Anwendung
D:\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi evtl. unerwünschte Anwendung
D:\Downloads\ZipOpenerSetup.exe        Win32/InstallCore.BN evtl. unerwünschte Anwendung
D:\Downloads bis 3_5_2011\HoldemIndicatorSetup.exe        Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung
D:\Downloads bis 3_5_2011\SoftonicDownloader96007.exe        Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung
H:\HomeSafe\Eigene Dateien Festplatte E\Downloads\Privat\keylogger.zip        Mehrere Bedrohungen
H:\HomeSafe\Eigene Dateien Festplatte E\Downloads\Geschäft\Downloads\HoldemIndicatorSetup.exe        Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung
H:\HomeSafe\Eigene Dateien Festplatte E\Downloads\Geschäft\Downloads\Setup_Moorhuhn_Winter_GER-dm.exe        Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung
H:\HomeSafe\Eigene Dateien Festplatte E\Sicherung\Sicherung Netz 2001\UTIL\NSM\CALCPSW.EXE        möglicherweise unbekannter Virus POLY.CRYPT.TSR.COM.EXE Virus
H:\HomeSafe\Eigene Dateien Festplatte E\Sicherung\OLDCOMP\DOKUME~1\WRAPST~1.EXE        Win32/Adware.Webhancer.A Anwendung
2. SecurityCheck
Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
3. FSRT-Log


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by User1 (administrator) on User1-HP on 26-09-2014 08:45:31
Running from C:\Users\User1\Desktop
Loaded Profiles: User1 & UpdatusUser (Available profiles: User1 & UpdatusUser)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswServ.exe
() C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\AvAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswDisp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
() C:\Program Files\AirVideoServer\AirVideoServer.exe
(1&1 Mail & Media GmbH) C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
(ReNoStar GmbH) C:\Renostar\ziuboost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ReNoStar GmbH) C:\Renostar\ziuserv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswWebSv.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\aswDisp.exe [81000 2010-02-18] (ALWIL Software)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe [315392 2009-05-19] (May Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [AirVideoServer] => C:\Program Files\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] ()
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [WEB.DE_WEB.DE SmartDrive Manager] => C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE [1259624 2011-11-21] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1903734357-4184266498-2229017531-1005\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RenoBoost.lnk
ShortcutTarget: RenoBoost.lnk -> C:\Renostar\ziuboost.exe (ReNoStar GmbH)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: NTFSLink_Hardlink -> {0314E3A0-45DB-4D75-BB86-27B8EF28907B} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer)
ShellIconOverlayIdentifiers: NTFSLink_Junction -> {61702EF5-1B33-487F-995F-6FA23F1D6652} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {959BE5A4-EE6C-421B-BCF4-D90E4D8F869C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.253
Tcpip\..\Interfaces\{9070C6BC-FDE8-47DC-990D-F527F074EC3D}: [NameServer] 192.168.0.250

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.spiegel.de/|hxxp://www.rollingstone.de/|hxxp://www.zeit.de/index|https://secure-squashtv.premiumtv.co.uk/page/secure/BuyNow/?schemeAndHost=http%3A%2F%2Fwww.psasquashtv.com|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1335336225&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fskydrive.live.com%2F%3Flc%3D1031&lc=1031&id=250206&mkt=de-DE&cbcxt=sky
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Разпознаване на устройство Logitech - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\DeviceDetection@logitech.com [2011-10-19]
FF Extension: Free Download Manager plugin - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-13]
FF Extension: Xmarks - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\foxmarks@kei.com [2014-09-22]
FF Extension: KeeFox - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\keefox@chris.tomlinson [2014-09-22]
FF Extension: facebookvideo - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{43c35458-c907-439b-bcfd-07d373834689} [2010-06-25]
FF Extension: FT SleekDark - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012-05-09]
FF Extension: Aviary - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408} [2011-12-17]
FF Extension: Embedded Objects - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\firefox@red-cog.com.xpi [2012-01-24]
FF Extension: Facebook Privacy Watcher - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fpw@informatik.tu-darmstadt.de.xpi [2012-11-09]
FF Extension: MozRepl - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\mozrepl@hyperstruct.net.xpi [2011-07-26]
FF Extension: MyPermissions Cleaner - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{6140bbfd-aa20-11e1-aba7-109add603214}.xpi [2014-01-10]
FF Extension: StumbleUpon - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-10-26]
FF Extension: Menu Editor - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2011-03-14]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-24]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.spiegel.de/
CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://www.zeit.de/index", "https://startpage.com/deu/"
CHR DefaultSearchKeyword: Default -> 322926C86E96565B5B186D0D93824BA7109A5AB72F38EEFF449414F716A6F639
CHR DefaultSearchURL: Default -> 431FA44896D609C9D05DAD0EBC81671B01516EE64A9157C9D94B71F353B0BCD8
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (ClickPotatoLite Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-21]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-01]
CHR Extension: (Google-Suche) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-01]
CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Evernote Web Clipper) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2010-09-30]
CHR Extension: (Google Mail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-01]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THOMAS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR StartMenuInternet: Google Chrome - C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2010-02-18] (ALWIL Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [138680 2010-02-18] (ALWIL Software)
R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [254040 2010-02-18] (ALWIL Software)
R2 avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [52160 2010-02-18] (ALWIL Software)
R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [352920 2010-02-18] (ALWIL Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH)
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-07-16] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-09] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-05-20] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [549184 2007-10-26] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\Windows\System32\DRIVERS\aswFsBlk.sys [20560 2010-02-18] (ALWIL Software)
R2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [53328 2010-02-18] (ALWIL Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23120 2010-02-18] (ALWIL Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [114768 2010-02-18] (ALWIL Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [48624 2010-02-18] (ALWIL Software)
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1269760 2010-05-19] (Atheros Communications, Inc.) [File not signed]
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-04-20] (Atheros Communications, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 MOBIOLA_Wave; C:\Windows\System32\drivers\mobiolawave.sys [25024 2010-05-14] (SHAPE Services)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2010-09-28] (Sonic Solutions) [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-11-23] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-21] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2012-03-06] (Acronis)
R1 uiwbrdr; C:\Windows\System32\DRIVERS\uiwbrdr.sys [144896 2011-11-21] (1&1 Mail & Media GmbH) [File not signed]
R3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [16640 2008-11-19] (Wondershare) [File not signed]
S3 catchme; \??\C:\Users\THOMAS~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 08:45 - 2014-09-26 08:46 - 00029671 _____ () C:\Users\User1\Desktop\FRST.txt
2014-09-26 08:45 - 2014-09-26 08:45 - 00000000 ____D () C:\Users\User1\Desktop\FRST-OlderVersion
2014-09-26 08:44 - 2014-09-26 08:44 - 00000041 _____ () C:\Users\User1\Desktop\checkup.txt
2014-09-26 08:41 - 2014-09-26 08:41 - 00854417 _____ () C:\Users\User1\Desktop\SecurityCheck.exe
2014-09-26 08:38 - 2014-09-26 08:38 - 00008202 _____ () C:\Users\User1\Desktop\eset_25_09_2014.txt
2014-09-26 02:32 - 2014-09-26 02:36 - 00000000 ____D () C:\Windows\rescache
2014-09-25 19:20 - 2014-09-25 19:20 - 00000000 ____D () C:\Program Files\ESET
2014-09-25 18:09 - 2014-09-25 19:03 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-25 10:51 - 2014-09-25 10:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 10:50 - 2014-09-25 10:50 - 01024790 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe
2014-09-25 10:48 - 2014-09-25 10:48 - 00033390 _____ () C:\Users\User1\Desktop\AdwCleaner[S0].txt
2014-09-25 10:45 - 2014-09-25 10:45 - 00000022 _____ () C:\Windows\S.dirmngr
2014-09-25 10:38 - 2014-09-25 10:43 - 00000000 ____D () C:\AdwCleaner
2014-09-25 10:33 - 2014-09-25 10:35 - 00010138 _____ () C:\Users\User1\Desktop\Malware_25_09_2014.txt
2014-09-25 10:19 - 2014-09-25 10:19 - 01373475 _____ () C:\Users\User1\Desktop\AdwCleaner_3.310.exe
2014-09-24 18:10 - 2014-05-17 04:33 - 00039624 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-09-24 18:07 - 2014-09-24 18:07 - 00001006 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-09-24 17:42 - 2014-09-24 17:42 - 00000000 ____D () C:\Users\User1\AppData\Roaming\WinPatrol
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\Program Files\Ruiware
2014-09-24 17:36 - 2014-09-24 17:36 - 01156136 _____ (Ruiware) C:\Users\User1\Desktop\wpsetup.exe
2014-09-24 15:12 - 2014-09-24 15:12 - 00036320 _____ () C:\ComboFix.txt
2014-09-24 14:42 - 2014-09-24 15:12 - 00000000 ____D () C:\Qoobox
2014-09-24 14:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-24 14:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-24 14:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-24 14:41 - 2014-09-24 15:10 - 00000000 ____D () C:\Windows\erdnt
2014-09-24 14:38 - 2014-09-24 14:38 - 05579290 ____R (Swearware) C:\Users\User1\Desktop\ComboFix.exe
2014-09-24 09:50 - 2014-09-24 09:50 - 00006570 _____ () C:\Users\User1\Desktop\GMER_24_09_2014.log
2014-09-24 08:59 - 2014-09-24 08:59 - 00380416 _____ () C:\Users\User1\Desktop\Gmer-19357.exe
2014-09-24 08:42 - 2014-09-26 08:45 - 00000000 ____D () C:\FRST
2014-09-24 08:41 - 2014-09-26 08:45 - 01100288 _____ (Farbar) C:\Users\User1\Desktop\FRST.exe
2014-09-24 08:40 - 2014-09-24 08:40 - 00000000 _____ () C:\Users\User1\defogger_reenable
2014-09-24 08:39 - 2014-09-24 08:39 - 00050477 _____ () C:\Users\User1\Desktop\Defogger.exe
2014-09-24 08:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 17:57 - 2014-09-23 18:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-23 17:56 - 2014-09-23 18:52 - 00000000 ____D () C:\Users\User1\Desktop\mbar
2014-09-23 17:14 - 2014-09-25 10:46 - 00000000 ___RD () C:\Users\User1\iCloudDrive
2014-09-23 17:12 - 2014-09-25 10:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 17:11 - 2014-09-23 17:56 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-23 17:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 17:00 - 2014-09-23 17:00 - 00000000 ____D () C:\Users\User1\AppData\Local\Apple Inc
2014-09-23 15:05 - 2014-09-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-22 18:54 - 2014-09-22 18:54 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884 (1).msi
2014-09-22 18:53 - 2014-09-22 18:53 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884.msi
2014-09-22 18:33 - 2014-09-22 18:36 - 117536504 _____ (Microsoft Corporation) C:\Users\User1\Downloads\msert.exe
2014-09-22 18:24 - 2014-09-22 18:24 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Simply Super Software
2014-09-22 18:00 - 2014-09-24 14:57 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-22 18:00 - 2014-09-22 18:00 - 00001101 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-09-22 17:58 - 2014-09-22 17:59 - 21657592 _____ (Simply Super Software ) C:\Users\User1\Downloads\trjsetup691.exe
2014-09-22 17:31 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Yzuxri
2014-09-17 13:17 - 2014-09-17 13:17 - 00000000 ____D () C:\Users\User1\Desktop\temp_files
2014-09-11 03:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:14 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:14 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:14 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:14 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:14 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 02:20 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 02:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 02:19 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 02:19 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 02:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 02:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 09:49 - 2014-09-10 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\Program Files\iPod
2014-09-05 11:52 - 2014-09-05 11:52 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Opera
2014-09-03 15:59 - 2014-09-03 15:59 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-28 09:15 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:15 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 08:44 - 2010-09-22 17:04 - 00000041 _____ () C:\Windows\Filzip.ini
2014-09-26 08:37 - 2010-07-12 16:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 08:14 - 2012-06-26 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 07:49 - 2010-05-31 10:28 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job
2014-09-26 03:10 - 2010-04-21 17:19 - 01119574 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 19:37 - 2010-07-12 16:46 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 19:18 - 2010-04-26 17:11 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Skype
2014-09-25 19:04 - 2012-04-20 18:40 - 00000000 ____D () C:\Users\User1\Downloads\iPod Photo Cache
2014-09-25 19:03 - 2012-04-27 10:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 16:49 - 2010-05-31 10:28 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job
2014-09-25 14:58 - 2010-05-31 10:29 - 00002389 _____ () C:\Users\User1\Desktop\Google Chrome.lnk
2014-09-25 10:52 - 2012-04-25 08:38 - 00000000 ___RD () C:\Users\User1\SkyDrive
2014-09-25 10:52 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 10:52 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 10:47 - 2011-02-16 19:01 - 00000000 ____D () C:\jexepackres
2014-09-25 10:46 - 2012-04-30 14:50 - 00000000 ___RD () C:\Users\User1\Google Drive
2014-09-25 10:46 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Dropbox
2014-09-25 10:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 10:44 - 2014-08-14 09:09 - 00008308 _____ () C:\Windows\PFRO.log
2014-09-25 10:44 - 2014-03-06 11:50 - 00007592 _____ () C:\Windows\setupact.log
2014-09-25 10:44 - 2010-04-21 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-25 10:27 - 2010-12-06 17:08 - 00000000 ____D () C:\Windows\Msagent
2014-09-25 09:58 - 2009-07-25 14:54 - 01629442 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-25 09:03 - 2014-02-20 10:19 - 00002215 _____ () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-09-24 20:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-24 16:22 - 2010-08-30 09:05 - 00000000 ____D () C:\Users\User1\AppData\Local\Gladinet
2014-09-24 15:12 - 2010-10-26 09:00 - 00000000 ____D () C:\Users\Transfer
2014-09-24 15:12 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-09-24 15:12 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-24 15:05 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-24 15:01 - 2011-04-19 10:32 - 00000000 ____D () C:\Program Files\You Ripper
2014-09-24 08:40 - 2012-01-16 18:10 - 00000000 ____D () C:\Program Files\Free Download Manager
2014-09-24 08:40 - 2010-04-21 17:44 - 00000000 ____D () C:\Users\User1
2014-09-23 17:45 - 2010-04-21 18:46 - 00000000 ____D () C:\Windows\PCHEALTH
2014-09-23 17:11 - 2012-07-05 16:13 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Malwarebytes
2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 17:00 - 2010-04-26 17:01 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Apple Computer
2014-09-23 00:00 - 2010-04-21 17:25 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-22 17:39 - 2013-12-02 09:54 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUser1.job
2014-09-22 15:21 - 2010-10-08 14:43 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-09-22 15:01 - 2010-10-04 15:51 - 00001038 _____ () C:\Users\User1\Desktop\Dropbox.lnk
2014-09-22 15:01 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 14:56 - 2011-06-29 15:35 - 00000000 ____D () C:\Users\User1\AppData\Local\PokerStars.EU
2014-09-19 14:56 - 2010-04-21 19:40 - 00000000 ____D () C:\Program Files\Holdem Indicator
2014-09-17 14:42 - 2014-07-11 11:41 - 00000000 ____D () C:\Users\User1\AppData\Roaming\iFunbox_UserCache
2014-09-15 09:06 - 2010-04-21 18:33 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 03:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 03:14 - 2013-08-20 03:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:04 - 2014-05-06 20:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 03:04 - 2011-08-23 11:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 14:14 - 2012-06-26 10:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 14:14 - 2012-06-26 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 09:49 - 2014-07-22 11:30 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-10 09:48 - 2011-01-24 22:12 - 00000000 ____D () C:\Program Files\iTunes
2014-09-10 09:48 - 2010-04-26 16:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-09 15:57 - 2010-10-10 22:46 - 00007602 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg
2014-09-05 11:52 - 2009-07-14 04:04 - 00000520 _____ () C:\Windows\win.ini
2014-09-04 16:38 - 2011-06-29 15:35 - 00000000 ____D () C:\Program Files\PokerStars
2014-09-03 15:59 - 2010-04-26 17:10 - 00000000 ____D () C:\ProgramData\Skype
2014-08-29 03:21 - 2009-07-14 06:33 - 00539384 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\User1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbazx2i.dll
C:\Users\User1\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 02:25

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


und die Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by User1 at 2014-09-26 08:46:51
Running from C:\Users\User1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1.5 (HKLM\...\{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1) (Version:  - Dirk Paehl)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
802.11g Wireless PCI Adapter (HKLM\...\InstallShield_{73B944DE-5AAF-4AD8-8688-60872CB227C6}) (Version: 1.0.0.1 - SMC)
802.11g Wireless PCI Adapter (Version: 1.0.0.1 - SMC) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0 - Adobe Systems) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden
Adobe Photoshop Elements 4.0 (HKLM\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 4.0 (Version: 4.0 - Adobe Systems, Inc.) Hidden
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Aimersoft DVD Creator(Build 2.5.2.15) (HKLM\...\Aimersoft DVD Creator_is1) (Version:  - Wondershare Software)
Air Video Server 2.4.3 (HKLM\...\Air Video Server) (Version: 2.4.3 - InMethod, s.r.o.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
avast! Antivirus (managed) (HKLM\...\avast!NET) (Version: 4.8 - Alwil Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities Digital Photo Professional 3.9 (HKLM\...\DPP) (Version: 3.9.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
ChannelEditor (HKLM\...\{2CB14BDA-5241-4F45-98C5-23520E366B89}) (Version: 1.0.0 - inverto.tv)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
DMG Extractor (HKCU\...\DMG Extractor) (Version: 1.2.1.0 - Reincubate Ltd)
Drago 4.20 (HKLM\...\Drago_is1) (Version:  - Gilles Arcas-Luque)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVR-Studio Pro 2 (HKLM\...\{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}) (Version:  - Haenlein Software)
eDocPrintPro v3.15.2 (HKLM\...\{45B8441A-0346-4D6C-88A8-01821DA28D04}) (Version: 3.15.2 - MAY-Computer)
Emicsoft MKV Converter (HKLM\...\Emicsoft MKV Converter_is1) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Evernote v. 4.5.10 (HKLM\...\{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}) (Version: 4.5.10.7472 - Evernote Corp.)
Express Scribe (HKLM\...\Scribe) (Version:  - NCH Software)
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
Free Audio Converter version 5.0.26.622 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.26.622 - DVDVideoSoft Ltd.)
Free Download Manager 3.9.2 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.3.WIN.FullTilt.COM - )
Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.77 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Gpg4win (2.2.0-beta34) (HKLM\...\GPG4Win) (Version: 2.2.0-beta34 - The Gpg4win Project)
gs_x86 (HKLM\...\{6AB6CBD4-ED44-4EAA-8496-228395B1C1D0}) (Version: 8.64 - MAY-Computer)
HandBrake 0.9.5 (HKLM\...\HandBrake) (Version: 0.9.5 - )
HDD-Booster v1.2 (HKLM\...\HDD-Booster_is1) (Version:  - ASCOMP Software GmbH)
Holdem Indicator 1.8.4 (HKLM\...\Holdem Indicator_is1) (Version:  - hxxp://www.HoldemIndicator.com)
HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Softpaq SP500287 (HKLM\...\SP50028) (Version:  - )
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
iBackupBot for iTunes 3.1.6 (HKLM\...\iBackupBot for iTunes) (Version: 3.1.6 - VOWSoft, Ltd.)
iCloud (HKLM\...\{8D9592B4-7E22-4D1F-B2CB-B5F0F2F619CB}) (Version: 4.0.3.56 - Apple Inc.)
iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.8.2414.748 - )
iPhoneBrowser (HKLM\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTuner (HKLM\...\{E233EF8A-D04F-49B9-996B-218F3C3EA543}) (Version: 1.2.3782 - River Software)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
KeePass Password Safe 1.20 (HKLM\...\KeePass Password Safe_is1) (Version: 1.20 - Dominik Reichl)
KeePass Password Safe 2.20.1 (HKLM\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Lexware zeitmanagement 2011 (HKLM\...\{AE6E353F-A5D6-40E4-81FB-960EB7B207D7}) (Version: 2.05.00.0169 - Haufe-Lexware GmbH & Co.KG)
LibreOffice 4.1.3.2 (HKLM\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Lineal (HKLM\...\Lineal v1.6b_is1) (Version: 0.1.6b - )
lingDIALOG (HKLM\...\{627C5AC0-772C-4661-B696-42E04AEB1872}) (Version: 2.00.0010 - LingCom GmbH)
Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0 - Logitech) Hidden
MakeMKV v1.8.11 (HKLM\...\MakeMKV) (Version: v1.8.11 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2003 (HKLM\...\{90E00407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word 2000 SR-1 (HKLM\...\{00170407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Moorhuhn Remake (HKLM\...\{52210D57-0B1F-4681-90DD-8659DF4BCC40}) (Version: 1.00.0000 - )
Movies2iPhone 1.24 for Windows (HKLM\...\Movies2iPhone) (Version: 1.24 for Windows - OKprods Ltd)
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Firefox 4.0b8 (x86 de) (HKLM\...\Mozilla Firefox 4.0b8 (x86 de)) (Version: 4.0b8 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nipperdey plus (HKLM\...\{C5FEF96A-0C31-4D2E-9112-C782065DEE40}) (Version: 1.0.15 - C. H. Beck)
Norton Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
NTFS Link 2.1 (HKLM\...\ntfslink_is1) (Version:  - )
NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9793 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.109 - PDF Complete, Inc)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PDFtoEPUB (HKLM\...\PDFtoEPUB) (Version: 1.5.0 - DNAML Pty Ltd.)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Printer Pro Desktop (HKLM\...\PrinterProDesktop) (Version:  - Readdle)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QSynchronization for Outlook 2.5.5 (HKLM\...\QSynchronization for Outlook_is1) (Version:  - Thomas Quester)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
ReNoStar Systemdateien II v.3 (HKLM\...\{3C36D2A0-5A6F-4437-A080-699557C6C8A1}) (Version: 8.70.0.7050 - ReNoStar GmbH)
ReNoStar Systemkomponenten (HKLM\...\InstallShield_{55A1EE3A-2143-4731-8243-3F807869FA66}) (Version: 8.40.0.4000 - ReNoStar GmbH)
ReNoStar Systemkomponenten (Version: 8.40.0.4000 - ReNoStar GmbH) Hidden
ReNoTicker Version 1.0 (HKLM\...\{33FF4DB1-87B2-4934-8563-CA489A1EF80D}_is1) (Version: 1.0 - ReNoStar GmbH)
RNSInstSevOutBar (HKLM\...\{ED689BFF-452F-471A-96DF-69210FEB359D}) (Version: 1.00.0000 - ReNoStar GmbH)
SDExplorer 3.0 (HKLM\...\SDEPRO20_is1) (Version: 3.0 - CloudStorageExplorer.com)
SetEditArgus (remove only) (HKLM\...\SetEditArgus) (Version:  - )
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SopCast 3.3.2 (HKLM\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.10194 - TeamViewer GmbH)
TP-LINK-Clientinstallationsprogramm (HKLM\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Trojan Remover 6.9.1 (HKLM\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
TunnelBear 1.0.28 (HKLM\...\TunnelBear) (Version: 1.0.28 - TunnelBear)
Tyre (HKLM\...\Tyre_is1) (Version: 6.3.0.2 - 't Schrijverke)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vokabeltrainer-Update 4.0.46 (HKLM\...\{7F2A96C8-B7F8-4C0E-B575-BC2378342962}) (Version: 4.0.46 - Langenscheidt)
VSDC Free Video Editor Version 2.1.9.201 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.9.201 - Flash-Integro LLC)
WEB.DE SmartDrive Manager (HKLM\...\WEB.DE SmartDrive Manager) (Version: 2.0.677 - 1&1 Mail & Media GmbH)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.2.9 (HKLM\...\winscp3_is1) (Version: 4.2.9 - Martin Prikryl)
Wise Registry Cleaner 6.14 (HKLM\...\Wise Registry Cleaner_is1) (Version:  - WiseCleaner.com, Inc.)
Wondershare Streaming Audio Recorder(Build 1.0.10.1) (HKLM\...\Wondershare Streaming Audio Recorder_is1) (Version:  - Wondershare Software)
Xilisoft iPad to PC Copy (HKLM\...\Xilisoft iPad to PC Copy) (Version: 4.2.1.0526 - Xilisoft)
Xvid 1.2.1 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\User1\AppData\Local\Google\Chrome\Application\22.0.1229.39\delegate_execute.exe" No  (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E5F07F0E-C4AE-4AA8-AE7E-FC3DB683977E}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.71\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

26-09-2014 00:32:25 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-09-24 15:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0599AEA8-8B0E-4CCA-894C-3388A51516DF} - System32\Tasks\{D5B38D15-96B0-44AE-B5E3-D7781FB183C6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {1F6C46E3-0AF5-4425-8C9B-169308085EED} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-05-19] (Hewlett-Packard)
Task: {2B5754DC-6D11-4A99-903A-590F903FCCEC} - System32\Tasks\{E05D2DC7-405E-47BE-BEFB-BF1D8BD6D684} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {41B17569-4162-4349-85BD-50950BE97451} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31] (Google Inc.)
Task: {4EEAF8B9-1753-4912-A7CE-1152DADC5B12} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31] (Google Inc.)
Task: {68D3D043-9928-42B6-ADC0-800076647375} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {A37ECFB2-7B4B-493B-B54C-D570865B15AC} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-05-19] (Hewlett-Packard)
Task: {AB7E5490-1C3D-41C0-9549-A352FCC95759} - System32\Tasks\HPCeeScheduleForUser1 => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {B50336E2-7335-49CA-BB6A-0697EE5F2431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-08-19] (Microsoft)
Task: {DD13DB6F-2EFF-431E-AEBE-60F12CD0D628} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E0759A1C-B0DE-49F8-A492-5C703BEDAA4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft)
Task: {EC16019C-3E05-449D-BA7E-6D1CA31D24C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12] (Google Inc.)
Task: {EE704841-CE8F-4D6A-9C17-E0362C4E3A34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUser1.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-12-01 19:57 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2005-09-09 03:24 - 2005-09-09 03:24 - 00102400 _____ () C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-16 15:53 - 2013-07-16 15:53 - 00218112 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
2013-07-16 15:49 - 2013-07-16 15:49 - 00221184 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
2013-07-16 15:48 - 2013-07-16 15:48 - 00037888 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
2013-07-16 15:46 - 2013-07-16 15:46 - 00050176 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
2013-07-16 15:49 - 2013-07-16 15:49 - 00069632 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
2013-07-16 15:50 - 2013-07-16 15:50 - 00627712 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-11.dll
2012-11-21 04:02 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2010-09-22 03:03 - 2010-09-22 03:03 - 04923784 _____ () C:\Program Files\AirVideoServer\AirVideoServer.exe
1997-09-17 19:55 - 1997-09-17 19:55 - 00016896 _____ () C:\Windows\system32\fats_w32.dll
2014-09-25 10:46 - 2014-09-25 10:46 - 00043008 _____ () c:\Users\User1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbazx2i.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\User1\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-25 10:46 - 2014-09-25 10:46 - 00098816 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32api.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00110080 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\pywintypes27.dll
2014-09-25 10:46 - 2014-09-25 10:46 - 00364544 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\pythoncom27.dll
2014-09-25 10:46 - 2014-09-25 10:46 - 00045568 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_socket.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 01160704 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_ssl.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00320512 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32com.shell.shell.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00713216 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_hashlib.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 01175040 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._core_.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00805888 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._gdi_.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00811008 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._windows_.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 01062400 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._controls_.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00735232 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._misc_.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00128512 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_elementtree.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00127488 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\pyexpat.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00557056 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\pysqlite2._sqlite.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00007168 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\hashobjs_ext.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00087552 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_ctypes.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00119808 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32file.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00108544 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32security.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00018432 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32event.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00038912 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32inet.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00070656 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._html2.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00167936 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32gui.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00011264 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32crypt.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00027136 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_multiprocessing.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00686080 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\unicodedata.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00122368 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._wizard.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00010240 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\select.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00024064 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32pipe.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00025600 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32pdh.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00525640 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\windows._lib_cacheinvalidation.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00035840 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32process.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00017408 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32profile.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00022528 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32ts.pyd
2014-09-25 10:46 - 2014-09-25 10:46 - 00078336 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._animate.pyd
2012-02-02 18:22 - 2012-02-02 18:22 - 02132992 _____ () C:\PROGRAM FILES\PRINTER PRO DESKTOP\PRINTERPRODESKTOP.EXE
2014-09-25 09:03 - 2014-09-25 09:03 - 00081056 _____ () C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-11-10 13:56 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-09-22 09:23 - 2004-09-08 13:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll
2014-09-25 09:03 - 2014-09-25 09:03 - 00081056 _____ () C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2012-01-16 18:10 - 2012-12-26 09:13 - 03547136 _____ () C:\Program Files\Free Download Manager\fdmbtsupp.dll
2014-09-25 14:57 - 2014-09-24 13:55 - 01042760 _____ () C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\libglesv2.dll
2014-09-25 14:57 - 2014-09-24 13:54 - 00211272 _____ () C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\libegl.dll
2014-09-25 14:57 - 2014-09-24 13:55 - 08910664 _____ () C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\pdf.dll
2014-09-25 14:57 - 2014-09-24 13:54 - 01681224 _____ () C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\ffmpegsumo.dll
2014-09-25 14:57 - 2014-09-24 13:55 - 14891848 _____ () C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1903734357-4184266498-2229017531-500 - Disabled - Status: Degraded)
Gast (S-1-5-21-1903734357-4184266498-2229017531-501 - Disabled - Status: Degraded)
User1 (S-1-5-21-1903734357-4184266498-2229017531-1000 - Enabled - Status: OK) => C:\Users\User1
UpdatusUser (S-1-5-21-1903734357-4184266498-2229017531-1005 - Enabled - Status: OK) => C:\Users\UpdatusUser
User1 (S-1-5-21-1903734357-4184266498-2229017531-1001 - Enabled - Status: OK)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2014 10:56:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 24.9.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1f4c

Startzeit: 01cfd89e7cc617a5

Endzeit: 16

Anwendungspfad: C:\Users\User1\Desktop\FRST.exe

Berichts-ID: cb641db6-4491-11e4-9108-d8d3857e19f6


System errors:
=============
Error: (09/26/2014 07:24:54 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne User1 aufgrund der folgenden
Ursache nicht einrichten:
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (09/26/2014 03:16:53 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne User1 aufgrund der folgenden
Ursache nicht einrichten:
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (09/25/2014 11:08:53 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne User1 aufgrund der folgenden
Ursache nicht einrichten:
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (09/25/2014 07:00:52 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne User1 aufgrund der folgenden
Ursache nicht einrichten:
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (09/25/2014 02:53:06 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne User1 aufgrund der folgenden
Ursache nicht einrichten:
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (09/25/2014 02:39:56 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================
Error: (09/25/2014 10:56:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe24.9.2014.01f4c01cfd89e7cc617a516C:\Users\User1\Desktop\FRST.execb641db6-4491-11e4-9108-d8d3857e19f6


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 84%
Total physical RAM: 3071.24 MB
Available physical RAM: 461.16 MB
Total Pagefile: 6156.77 MB
Available Pagefile: 2113.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:60 GB) (Free:13.94 GB) NTFS
Drive d: () (Fixed) (Total:400.08 GB) (Free:52.92 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:3.67 GB) (Free:0.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:0.48 GB) (Free:0.46 GB) FAT
Drive h: (Elements) (Fixed) (Total:698.46 GB) (Free:47.3 GB) FAT32
Drive i: (Musik) (Fixed) (Total:176.31 GB) (Free:24.09 GB) NTFS
Drive m: (WEB.DE SmartDrive) (Network) (Total:4 GB) (Free:3.06 GB) FAT
Drive z: () (Network) (Total:99.66 GB) (Free:56.73 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8AF67C0B)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=400.1 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=3.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 465232C5)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 186.3 GB) (Disk ID: 88A67620)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Not Active) - (Size=176.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 488.5 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
Nochmals: Vielen Dank!!

Nachtrag:
Habe SecurityCheck im "Kompatibilitätsmodus" laufen lassen. Hier das Ergebnis:

Code:
Results of screen317's Security Check version 0.99.87 
 Windows XP Service Pack 2 x86 (UAC is disabled!) 
 Out of date service pack!!
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 Trojan Remover 6.9.1 
 CCleaner   
 Wise Registry Cleaner 6.14 
 Java 7 Update 21 
 Java version out of Date!
 Adobe Flash Player        15.0.0.152 
 Mozilla Firefox 4.0b8 Firefox out of Date! 
 Mozilla Thunderbird (31.1.2)
 Google Chrome 38.0.2125.66 
 Google Chrome 38.0.2125.77 
 Google Chrome Plugins... 
````````Process Check: objlist.exe by Laurent```````` 
 WinPatrol winpatrol.exe
 Alwil Software Avast4 aswUpdSv.exe
 Alwil Software Avast4 aswServ.exe 
 Alwil Software Avast4 AvAgent.exe 
 Alwil Software Avast4 aswDisp.exe 
 Alwil Software Avast4 aswMaiSv.exe 
 Alwil Software Avast4 aswWebSv.exe 
 Ruiware WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 
````````````````````End of Log``````````````````````

schrauber 26.09.2014 15:52
Download Ordner leeren. Ebenso den ganzen Dreck auf D und H in den Download Ordnern......


Java updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.




Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

lawman99 30.09.2014 08:14
Herzlichen Dank. Rechner ist spürbar schneller :-)
Super Unterstützung und Hilfe

schrauber 01.10.2014 07:26
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131